ZKTeco Security Vulnerabilities (CVEs)

Track 12 security vulnerabilities affecting ZKTeco products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

4 Critical
7 High
1 Medium
CVE-2025-45746 6.5

CVE-2025-45746 allows unauthenticated attackers to craft valid JWT tokens using a hardcoded secret, enabling authentication bypass to the ZKT ZKBio CV...

May 13, 2025
CVE-2024-36526 9.8

ZKTeco ZKBio CVSecurity v6.1.1 contains a hardcoded cryptographic key (CWE-259), allowing attackers to decrypt sensitive data or bypass authentication...

Jul 9, 2024
CVE-2024-35428 7.1

ZKTeco ZKBio CVSecurity 6.1.1 has a directory traversal vulnerability in the BaseMediaFile component that allows authenticated users to delete arbitra...

May 30, 2024
CVE-2024-35431 7.5

ZKTeco ZKBio CVSecurity versions up to 6.4.1 are vulnerable to directory traversal via the photoBase64 parameter, allowing unauthenticated attackers t...

May 30, 2024
CVE-2024-35430 8.1

This vulnerability allows authenticated users in ZKTeco ZKBio CVSecurity to bypass password verification when exporting data. Attackers with valid cre...

May 30, 2024
CVE-2023-51142 7.5

This vulnerability in ZKTeco BioTime allows remote attackers to access sensitive information without authentication. It affects BioTime versions 8.5.4...

Apr 11, 2024
CVE-2024-22988 9.8

This vulnerability in ZKTeco ZKBio WDMS allows attackers to download database backups by predicting timestamp-based filenames in the /files/backup/ co...

Feb 23, 2024
CVE-2023-4587 8.3

An Insecure Direct Object Reference (IDOR) vulnerability in ZKTeco ZEM800 version 6.60 allows local attackers to access sensitive backup and configura...

Sep 4, 2023
CVE-2023-38950 7.5

An unauthenticated path traversal vulnerability in ZKTeco BioTime's iclock API allows attackers to read arbitrary files on the system by sending speci...

Aug 3, 2023
CVE-2023-38951 9.8

This vulnerability in ZKTeco BioTime allows authenticated attackers to perform path traversal attacks via crafted requests to /base/sftpsetting/ endpo...

Aug 3, 2023
CVE-2023-38954 9.8

CVE-2023-38954 is a critical SQL injection vulnerability in ZKTeco BioAccess IVS v3.3.1 that allows attackers to execute arbitrary SQL commands on the...

Aug 3, 2023
CVE-2023-38956 7.5

This CVE describes a path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 that allows unauthenticated attackers to read arbitrary files on the ...

Aug 3, 2023

Why Monitor ZKTeco Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 12+ known vulnerabilities affecting ZKTeco products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable ZKTeco packages in under 60 seconds. No agents are required: scanning is completely agentless and works across ZKTeco deployments.

Free vulnerability database: Access detailed information about every ZKTeco CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
