Cyber Posture

CVE-2016-20025

HighPublic PoC

Published: 16 March 2026

Published
16 March 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0003 7.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2016-20025 is a high-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability in Cxsecurity (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, ranked at the 7.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

CM-5 Access Restrictions for Change good match
prevent

CM-5 restricts access to modifications of configuration-controlled components like executable files to authorized personnel only, directly countering the Modify permissions granted to all authenticated users.

AC-6 Least Privilege good match
prevent

AC-6 enforces least privilege, ensuring authenticated users lack unnecessary Modify permissions on executable files that enable privilege escalation.

SC-34 Non-modifiable Executable Programs good match
prevent

SC-34 implements mechanisms to protect executable programs from unauthorized modification, preventing replacement with malicious code for privilege escalation.

NVD Description

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code…

more

for privilege escalation.

Deeper analysisAI

CVE-2016-20025 is an insecure file permissions vulnerability (CWE-552) in ZKTeco ZKAccess Professional 3.5.3. The issue stems from the Authenticated Users group being granted Modify permissions on executable files, enabling authenticated users to replace legitimate binaries with malicious code to escalate privileges.

An attacker requires low privileges (PR:L) as an authenticated user and can exploit the vulnerability remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), without changing scope (S:U). Successful exploitation grants high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), with a CVSS v3.1 base score of 8.8, allowing full privilege escalation on the affected system.

Advisories and exploit details are documented in references such as CXSecurity (WLB-2016080265), IBM XForce Exchange (vulnerability 116486), PacketStormSecurity (file 138566), Exploit-DB (exploit 40323), and VulnCheck, which cover the privilege escalation via insecure permissions but do not specify patches in the provided CVE information.

Details

CWE(s)
CWE-552

Affected Products

Cxsecurity
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2020-37082Shared CWE-552
CVE-2024-48864Shared CWE-552
CVE-2025-41240Shared CWE-552
CVE-2024-47518Shared CWE-552
CVE-2024-57452Shared CWE-552
CVE-2026-34361Shared CWE-552
CVE-2026-35446Shared CWE-552
CVE-2025-11371Shared CWE-552
CVE-2024-47106Shared CWE-552
CVE-2025-37168Shared CWE-552

References