Home / Vulnerability Intelligence / CVE-2016-20025

CVE-2016-20025 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 16, 2026

Published: March 16, 2026Updated: March 16, 2026Remote Exploitable

Overview

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Severity & Score

Severity: High

CVSS Score: 8.8

References

https://cxsecurity.com/issue/WLB-2016080265
https://exchange.xforce.ibmcloud.com/vulnerabilities/116486
https://packetstormsecurity.com/files/138566
https://www.exploit-db.com/exploits/40323/
https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2016-20025
Severity: High
CVSS Score: 8.8
Status: unconfirmed

CWE

CWE-552

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H