High severity8.8NVD Advisory· Published Mar 16, 2026· Updated Jun 8, 2026
CVE-2016-20025
CVE-2016-20025
Description
ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=3.5.3
Patches
Vulnerability mechanics
References
6- cxsecurity.com/issue/WLB-2016080265nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/116486nvd
- packetstormsecurity.com/files/138566nvd
- www.exploit-db.com/exploits/40323/nvd
- www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissionsnvd
- www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.phpnvd
News mentions
0No linked articles in our index yet.