High severity8.8NVD Advisory· Published Mar 16, 2026· Updated Apr 15, 2026

CVE-2016-20025

Description

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cxsecurity.com/issue/WLB-2016080265nvd
exchange.xforce.ibmcloud.com/vulnerabilities/116486nvd
packetstormsecurity.com/files/138566nvd
www.exploit-db.com/exploits/40323/nvd
www.vulncheck.com/advisories/zkteco-zkaccess-professional-privilege-escalation-via-insecure-permissionsnvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5361.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000