Credential Storage Vulnerability in ZKTeco BioTime Software
CVE-2025-15128
Key Information:
Badges
What is CVE-2025-15128?
A security flaw has been identified in the ZKTeco BioTime software, specifically affecting versions up to 9.0.3, 9.0.4, and 9.5.2. The issue arises from improper handling of encryption parameters related to credential storage within the /base/safe_setting/ directory of the Endpoint component. This vulnerability allows for the manipulation of arguments such as backup_encryption_password_decrypt and export_encryption_password_decrypt, potentially leading to the exposure and unprotected storage of sensitive credentials. Attackers can exploit this vulnerability remotely, heightening the risk if left unaddressed. The vendor was notified of this security issue, but there has been no response or remediation effort to date.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
BioTime 9.0.0
BioTime 9.0.1
BioTime 9.0.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved