CVE-2025-15128

Name of the Vulnerable Software and Affected Versions ZKTeco BioTime versions 9.0.3 through 9.0.4 ZKTeco BioTime version 9.5.2

Description A security issue exists in ZKTeco BioTime related to the storage of credentials. Manipulation of the backup encryption password decrypt/export encryption password decrypt argument within the Endpoint component, specifically concerning the file /base/safe setting/, can lead to unprotected storage of credentials. Remote exploitation is possible. The exploit is publicly available. The vendor was contacted regarding this issue but did not respond.

Recommendations ZKTeco BioTime versions 9.0.3 and 9.0.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. ZKTeco BioTime version 9.5.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.