CVE-2025-15128 | ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2 Endpoint /base/safe_setting/ credentials storage

A vulnerability classified as problematic has been found in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials.

This vulnerability is known as CVE-2025-15128. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

It is suggested to use restrictive firewalling.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15128 | ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2 Endpoint /base/safe_setting/ credentials storage

Post correlati

CVE-2024-12007 | code-projects Farmacia 1.0 /visualizar-produto.php id sql injection

CVE-2023-28512 | IBM Watson CP4D Data Stores 4.6.0/4.6.1/4.6.2 unknown vulnerability (XFDB-250396)

CVE-2023-6765 | SourceCodester Online Tours & Travels Management System 1.0 email_setup.php prepare name sql injection

CVE-2024-26988 | Linux Kernel up to 5.15.156/6.1.87/6.6.28/6.8.7/6.9-rc4 init/main.c static_command_line buffer overflow