Browse all 4 CVE security advisories affecting ZKTeco Co. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ZKTeco specializes in biometric identification and access control systems, serving enterprises and government facilities with time attendance, access management, and surveillance solutions. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insufficient input validation and insecure default configurations. The company has faced scrutiny for multiple vulnerabilities affecting its web interfaces and mobile applications, with four CVEs documenting issues that could allow unauthorized access or system compromise. Security researchers have highlighted poor encryption practices and hardcoded credentials as recurring concerns, though no major public security incidents have been widely reported.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-55280 | Information Disclosure Vulnerability in ZKTeco WL20 — WL20 Biometric Attendance System (CWE-312) | 6.4 (AI) | Medium (AI) | 2025-08-13 |
| CVE-2025-55279 | Hard-coded Private Key Vulnerability in ZKTeco WL20 — WL20 Biometric Attendance System (CWE-798) | 5.7 (AI) | Medium (AI) | 2025-08-13 |
| CVE-2025-54465 | Hard-coded Credentials Vulnerability in ZKTeco WL20 — WL20 Biometric Attendance System (CWE-798) | 6.8 (AI) | Medium (AI) | 2025-08-13 |
| CVE-2025-54464 | Cleartext Storage Vulnerability in ZKTeco WL20 — WL20 Biometric Attendance System (CWE-312) | 6.4 (AI) | Medium (AI) | 2025-08-13 |

This page lists every published CVE security advisory associated with ZKTeco Co. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.