CVE-2016-20025

HIGH

ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-20025. PoCs published by LiquidWorm.

AI-analyzed exploit summary The vulnerability involves insecure file permissions in ZKTeco ZKAccess Professional 3.5.3, where the 'Authenticated Users' group has modify (M) permissions on the executable directory, allowing privilege escalation by replacing the binary.

Description

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/40323

View Code ZIP pw:eip

The vulnerability involves insecure file permissions in ZKTeco ZKAccess Professional 3.5.3, where the 'Authenticated Users' group has modify (M) permissions on the executable directory, allowing privilege escalation by replacing the binary.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: ZKTeco ZKAccess Professional 3.5.3 (Build 0005)

Auth required

Prerequisites: Authenticated user access on the system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548 - Abuse Elevation Control Mechanism

devstral-2 · analyzed Mar 16, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory third-party-advisory

Zero Science Lab Disclosure

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.php

Third Party Advisory third-party-advisory

CXSecurity

https://cxsecurity.com/issue/WLB-2016080265

Vdb Entry vdb-entry

IBM X-Force Exchange

https://exchange.xforce.ibmcloud.com/vulnerabilities/116486

Exploit exploit

Packet Storm Security

https://packetstormsecurity.com/files/138566

Exploit exploit

Reference

https://www.exploit-db.com/exploits/40323/

Third Party Advisory third-party-advisory

VulnCheck Advisory: ZKTeco ZKAccess Professional 3.5.3 Privilege Escalation via Insecure Permissions

https://www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissions

Scores

CVSS v3 8.8

EPSS 0.0044

EPSS Percentile 35.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-552

Status published

Products (1)

ZKTeco Inc./ZKTeco ZKAccess Professional 3.5.3 (Build 0005)

Published Mar 16, 2026

Tracked Since Mar 16, 2026