CVE-2016-20025

high

Description

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
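A defender's check for the condition described above, as an added example that is not taken from the advisory or the vendor: it lists executables under an install directory whose ACL lets a broad group such as Authenticated Users write to them. The `-InstallDir` parameter and the choice of file extensions are assumptions, since this page does not name the product's install path.

```powershell
# Added example: find binaries that broad, low-privilege groups are allowed to modify.
param(
    # Assumption: supply the product's install directory; this page does not name it.
    [Parameter(Mandatory = $true)]
    [string]$InstallDir
)

# Well-known SIDs of groups that contain every ordinary logged-on user.
# Matching on SID avoids problems with localized group names.
$BroadSids = @{
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-1-0'      = 'Everyone'
}

# Rights that allow altering or replacing a file. Modify and FullControl both
# contain these bits; GENERIC_WRITE / GENERIC_ALL cover unmapped generic ACEs.
$Rights    = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights::WriteData -bor $Rights::AppendData -bor $Rights::Delete) -bor
             0x40000000 -bor 0x10000000

$files = Get-ChildItem -LiteralPath $InstallDir -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.sys' }

$findings = foreach ($file in $files) {
    foreach ($ace in (Get-Acl -LiteralPath $file.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # orphaned or unresolvable account: skip it
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $file.FullName
            Principal = $BroadSids[$sid]
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # True means the grant comes from a parent folder
        }
    }
}

$findings | Sort-Object Path | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit so the check can gate a compliance job
```

Rows with `Inherited` set to `True` point at a grant on a parent folder, so the ACL to correct is on the directory rather than on each file.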

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php

https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions

https://www.exploit-db.com/exploits/40323/

https://packetstormsecurity.com/files/138566

https://exchange.xforce.ibmcloud.com/vulnerabilities/116486

https://cxsecurity.com/issue/WLB-2016080265

Details

Source: Mitre, NVD

Published: 2026-03-16

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 8.7

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: High

EPSS

EPSS: 0.00055