CVE-2025-15128
Deferred - Pending Action
Unprotected Credential Storage in ZKTeco BioTime Endpoint Component

Publication date: 2025-12-28

Last updated on: 2026-06-11

Assigner: VulDB

Description
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. It affects an unknown part of the file /base/safe_setting/ in the Endpoint component: manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt leads to unprotected storage of credentials. The attack can be carried out remotely, and a public exploit is available. Upgrading to version 9.0.6 addresses this issue; upgrading the affected component is recommended. The vendor confirms: "The mainstream version ZKBioTime V9.0.6 has fixed this vulnerability. Please update to the latest version as soon as possible. For the Middle East version BioTime 9.5.X, you can contact the local technical support to obtain the fix package."
Meta Information
Published: 2025-12-28
Last Modified: 2026-06-11
Generated: 2026-06-16
AI Q&A: 2025-12-28
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
zkteco biotime 9.0.4
zkteco biotime 9.0.3
zkteco biotime 9.5.2
CWE ID   Description
CWE-255  Credentials Management Errors
CWE-256  Plaintext Storage of a Password: the product stores a password in plaintext within resources such as memory or files.
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in ZKTeco BioTime versions up to 9.0.3, 9.0.4 and 9.5.2, in an unknown part of the file /base/safe_setting/ belonging to the Endpoint component. Manipulating the arguments backup_encryption_password_decrypt and export_encryption_password_decrypt leads to unprotected storage of credentials: sensitive credential material is held without proper encryption or protection. The vulnerability can be exploited remotely, and the exploit is publicly available.

Impact Analysis

The vulnerability exposes credentials that are kept in unprotected storage, and the exposure is reachable remotely. The parameter names indicate that the exposed values are the passwords protecting backups and data exports, so their disclosure also puts any backup or export encrypted with them at risk and can serve as a stepping stone for further attacks. According to the CVSS scores, the impact is limited to confidentiality; integrity and availability are not affected.

Compliance Impact

Because the vulnerability exposes sensitive credentials that are stored without protection, and because the affected versions do not adequately control access to the endpoint that reveals them, it can lead to unauthorized access to protected data. That conflicts with the data-protection and security requirements of standards and regulations such as GDPR and HIPAA, which mandate safeguarding sensitive data and enforcing proper access controls, so exploitation could put compliance with those regimes at risk. [1, 3]

Detection Guidance

You can check for this vulnerability by requesting the affected endpoint `/base/safe_setting/` on a ZKTeco BioTime system you are authorized to test. On versions 9.0.3 and 9.5.2 the endpoint is reachable without authentication and returns HTML containing the passwords in cleartext; a simple probe is `curl -i http://<target>/base/safe_setting/` (use `https://` if that is how the instance is served). If a 200 response carries the fields `backup_encryption_password_decrypt` and `export_encryption_password_decrypt` with non-empty cleartext values, the system is vulnerable. On version 9.0.4 the endpoint requires authentication but performs no authorization check, so the same request succeeds for a low-privilege authenticated user when the session cookies of such an account are supplied (for example with curl's `-b` option). To spot exploitation attempts, monitor web-server access logs or network traffic for HTTP GET requests to `/base/safe_setting/`, particularly from addresses outside the networks that administer the system. [1, 2, 3]
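The response check and the log monitoring described above, as an added example that is not part of the original page or of ZKTeco's code: it parses a saved response body for the two field names the advisory lists and scans access-log lines for requests to the affected path from outside trusted networks. The HTML layout of the settings page, the Common Log Format, the trusted network range and every sample value are constructed assumptions; only the path `/base/safe_setting/` and the two field names come from the page.

```python
"""Added example (not from the original page or from ZKTeco).

Only the path and the two field names come from the advisory. The HTML
layout, the log format and all sample values are constructed assumptions.
"""
import ipaddress
import re
from html.parser import HTMLParser

VULN_PATH = "/base/safe_setting/"
SENSITIVE_FIELDS = (
    "backup_encryption_password_decrypt",
    "export_encryption_password_decrypt",
)


class _InputCollector(HTMLParser):
    """Collects name/value pairs of <input> tags, whatever the attribute order."""

    def __init__(self):
        super().__init__()
        self.values = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attrs = dict(attrs)
        if attrs.get("name") in SENSITIVE_FIELDS:
            self.values[attrs["name"]] = attrs.get("value") or ""


def find_exposed_passwords(body: str) -> dict:
    """Return {field: value} for each sensitive field carried with a non-empty
    cleartext value. Looks at <input> tags first, then at JSON-style
    "field": "value" pairs (assumption: the page only says the fields appear
    in the HTML response, not how they are embedded)."""
    parser = _InputCollector()
    parser.feed(body)
    found = dict(parser.values)
    for field in SENSITIVE_FIELDS:
        if field in found:
            continue
        m = re.search(r'"%s"\s*:\s*"([^"]*)"' % re.escape(field), body)
        if m:
            found[field] = m.group(1)
    return {k: v for k, v in found.items() if v}


def assess(status: int, body: str, authenticated: bool) -> str:
    """Classify one probe. Per the advisory, 9.0.3/9.5.2 answer without a
    session, 9.0.4 only with a low-privilege session, 9.0.6 neither."""
    if status != 200 or not find_exposed_passwords(body):
        return "not exposed"
    return "exposed to low-privilege users" if authenticated else "exposed unauthenticated"


def suspicious_requests(log_lines, trusted_cidrs):
    """Scan Common-Log-Format lines and return (ip, status) for GET requests
    to the vulnerable path from outside the trusted networks. The log format
    is an assumption; BioTime's real log layout is not documented on the page."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    pat = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+)[^"]*" (\d{3})')
    hits = []
    for line in log_lines:
        m = pat.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if not path.startswith(VULN_PATH):
            continue
        if not any(ipaddress.ip_address(ip) in net for net in trusted):
            hits.append((ip, status))
    return hits


# Constructed sample response resembling a settings form (layout is an assumption).
SAMPLE_VULNERABLE_BODY = """<form>
<input value="S3cretBackup!" name="backup_encryption_password_decrypt" type="text">
<input name="export_encryption_password_decrypt" type="text" value="Exp0rtKey#9">
</form>"""

# Constructed sample of a response that no longer carries the values.
SAMPLE_FIXED_BODY = """<form>
<input name="backup_encryption_password" type="password" value="">
</form>"""

# Constructed access-log lines; 10.0.0.0/8 plays the trusted admin network.
SAMPLE_LOG = [
    '10.0.5.20 - - [28/Dec/2025:10:15:02 +0000] "GET /base/safe_setting/ HTTP/1.1" 200 5123',
    '203.0.113.7 - - [28/Dec/2025:10:16:44 +0000] "GET /base/safe_setting/ HTTP/1.1" 200 5123',
    '203.0.113.7 - - [28/Dec/2025:10:16:45 +0000] "GET /login/ HTTP/1.1" 200 812',
    '198.51.100.3 - - [28/Dec/2025:10:17:01 +0000] "GET /base/safe_setting/?x=1 HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(find_exposed_passwords(SAMPLE_VULNERABLE_BODY))
    print(assess(200, SAMPLE_VULNERABLE_BODY, authenticated=False))
    print(assess(200, SAMPLE_FIXED_BODY, authenticated=True))
    print(suspicious_requests(SAMPLE_LOG, ["10.0.0.0/8"]))
```

To use it against a real instance, save the body of the curl probe described above and pass it to `find_exposed_passwords()`: a non-empty result on a 200 response to an unauthenticated request is the 9.0.3/9.5.2 condition, and the same result with a low-privilege session is the 9.0.4 condition. `suspicious_requests()` reports every request to the path that did not come from the networks you list as trusted, regardless of status code, since a redirect to the login page is still a probe worth knowing about.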

Mitigation Strategies

Immediate mitigation steps:
1. Restrict access to the endpoint `/base/safe_setting/` with firewall or reverse-proxy rules so that only trusted internal networks can reach it. On 9.0.4 the flaw is a missing authorization check, so network restrictions alone do not protect against low-privilege users who already hold accounts.
2. Upgrade ZKTeco BioTime to version 9.0.6 or later, which adds proper authorization checks and no longer exposes the sensitive values. For the Middle East version BioTime 9.5.x, obtain the fix package from local technical support as the vendor advises.
3. Monitor for unauthorized access attempts to the endpoint. If exposure is suspected, change the backup and export encryption passwords after upgrading, since values that have already been read cannot be recalled.
Because no vendor fix existed before 9.0.6, network-level restrictions are critical to reduce exposure until the upgrade can be performed. [1, 3]
