Browse all 17 CVE security advisories affecting ZKteco. AI-powered Chinese analysis, POCs, and references for each vulnerability.
ZKTeco specializes in biometric identification and access control systems, with applications in time attendance, security, and workforce management. Historically, their products have faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from insufficient input validation and insecure default configurations. Security researchers have identified multiple authentication bypass flaws and weak encryption implementations in their devices. While no major public security incidents have been widely documented, the 17 CVEs on record highlight persistent security concerns, particularly in web interfaces and communication protocols. These issues often allow unauthorized access or system compromise, emphasizing the need for rigorous security updates in environments deploying ZKTeco solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15128 | ZKTeco BioTime Endpoint safe_setting credentials storage — BioTimeCWE-256 | 5.3 | Medium | 2025-12-28 |
| CVE-2024-13966 | ZKTeco BioTime default password — BioTimeCWE-1393 | 7.3 | High | 2025-05-27 |
| CVE-2024-6523 | ZKTeco BioTime system-group-add cross site scripting — BioTimeCWE-79 | 3.5 | Low | 2024-07-05 |
This page lists every published CVE security advisory associated with ZKteco. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.