Cyber Resilience

CVE-2016-20025

High · Public PoC · Updated

Published: 16 March 2026

Modified: 08 June 2026
CVSS Score v4: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0044 (35.3th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2016-20025 is a high-severity Files or Directories Accessible to External Parties (CWE-552) vulnerability in Cxsecurity (inferred from references). Its CVSS base score is 8.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Services File Permissions Weakness (T1574.010). The CVE is ranked at the 35.3th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and CM-5 (Access Restrictions for Change).

Deeper analysis

CVE-2016-20025 is an insecure file permissions vulnerability (CWE-552) in ZKTeco ZKAccess Professional 3.5.3. The issue stems from the Authenticated Users group being granted Modify permissions on executable files, enabling authenticated users to replace legitimate binaries with malicious code to escalate privileges.

An attacker requires low privileges (PR:L) as an authenticated user and can exploit the vulnerability remotely (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N), without changing scope (S:U). Successful exploitation grants high impacts across confidentiality, integrity, and availability (C:H/I:H/A:H), with a CVSS v3.1 base score of 8.8, allowing full privilege escalation on the affected system.

Advisories and exploit details are documented in references such as CXSecurity (WLB-2016080265), IBM X-Force Exchange (vulnerability 116486), PacketStormSecurity (file 138566), Exploit-DB (exploit 40323), and VulnCheck. These cover the privilege escalation via insecure permissions, but the provided CVE information does not specify patches.

Vulnerability details

ZKTeco ZKAccess Professional 3.5.3 contains an insecure file permissions vulnerability that allows authenticated users to escalate privileges by modifying executable files. Attackers can leverage the Modify permission granted to the Authenticated Users group to replace executable binaries with malicious code for privilege escalation.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.010 · Services File Permissions Weakness · Stealth
Adversaries may execute their own malicious payloads by hijacking the binaries used by services.

T1068 · Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Insecure Modify permissions on executables (CWE-552) directly allow authenticated low-priv users to overwrite binaries with malicious code, enabling local privilege escalation via hijacked execution flow.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-40631 · Shared CWE-552
CVE-2020-37082 · Shared CWE-552
CVE-2019-25709 · Shared CWE-552
CVE-2025-11371 · Shared CWE-552
CVE-2026-2330 · Shared CWE-552
CVE-2026-35446 · Shared CWE-552
CVE-2024-47106 · Shared CWE-552
CVE-2025-0509 · Shared CWE-552
CVE-2026-31215 · Shared CWE-552
CVE-2026-31216 · Shared CWE-552

Affected Assets

Cxsecurity
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: CM-5 restricts access to modifications of configuration-controlled components like executable files to authorized personnel only, directly countering the Modify permissions granted to all authenticated users.

Prevent: AC-6 enforces least privilege, ensuring authenticated users lack unnecessary Modify permissions on executable files that enable privilege escalation.

Prevent: SC-34 implements mechanisms to protect executable programs from unauthorized modification, preventing replacement with malicious code for privilege escalation.
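
One way to verify the least-privilege condition that AC-6 and CM-5 describe, as an added example that is not part of the original page or any vendor tooling: it parses the text output of Windows `icacls` and reports executables on which a broad group such as Authenticated Users holds a write-capable right. The sample output and the `C:\ExampleApp` path are constructed placeholders, and the function name is hypothetical.

```python
import re

# Principals that include ordinary, non-administrative accounts (lowercased).
BROAD_PRINCIPALS = {r"nt authority\authenticated users", r"builtin\users",
                    "everyone", r"nt authority\interactive"}
# icacls right codes that let the holder change file contents, ACL or owner.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "WDAC", "WO", "GA", "GW"}

# First line of an entry: "<path to executable> <ACE>"; later ACEs are indented.
ENTRY = re.compile(r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|bat|cmd))\s+(?P<ace>\S.*)$", re.I)
ACE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

def find_writable_executables(icacls_output):
    """Return (path, principal, rights) for each risky allow-ACE in icacls output."""
    findings, path = [], None
    for line in icacls_output.splitlines():
        if not line.strip() or line.startswith("Successfully processed"):
            continue
        if line[0].isspace():
            ace_text = line.strip()  # continuation line: ACE for the current path
        else:
            m = ENTRY.match(line)
            path = m.group("path") if m else None  # non-executables are skipped
            ace_text = m.group("ace").strip() if m else ""
        ace = ACE.match(ace_text)
        if path is None or ace is None:
            continue
        groups = re.findall(r"\(([^)]*)\)", ace.group("flags"))
        if "DENY" in groups[:-1]:  # deny ACEs restrict access, so do not flag
            continue
        rights = set(groups[-1].split(",")) & WRITE_RIGHTS
        if ace.group("who").lower() in BROAD_PRINCIPALS and rights:
            findings.append((path, ace.group("who"), sorted(rights)))
    return findings

# Constructed sample; the path is a placeholder, not the product's install path.
SAMPLE = r"""C:\ExampleApp\service.exe BUILTIN\Administrators:(I)(F)
                          NT AUTHORITY\SYSTEM:(I)(F)
                          NT AUTHORITY\Authenticated Users:(I)(M)
C:\ExampleApp\helper.dll BUILTIN\Administrators:(I)(F)
                         BUILTIN\Users:(I)(RX)

Successfully processed 2 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for path, who, rights in find_writable_executables(SAMPLE):
        print(f"{path}: {who} holds {','.join(rights)}")
```

Any finding on a binary that runs as a service or with administrative rights is the misconfiguration this CVE describes; the remediation is to remove the write-capable grant so that only administrators and SYSTEM can modify the file.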

References