Unrated severityCISA KEVNVD Advisory· Published Aug 3, 2023· Updated Nov 4, 2025

CVE-2023-38950

Description

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. This vulnerability was fixed in version 9.0.120240617.19506 of ZKBioTime.

Affected products

ZKTeco/BioTimedescription

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

zkteco.commitre
claroty.com/team82/disclosure-dashboard/cve-2023-38950mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.067
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000