CNNVD-202512-4889 Information

CNNVD ID

CNNVD-202512-4889

Related CVE

CVE-2025-15128

• CNNVD Published: 2025-12-28

Description (Chinese)

ZKTeco BioTime是中国ZKTeco公司的一款功能强大的基于 web 的时间和出勤管理软件。 ZKTeco BioTime 9.0.3版本、9.0.4版本和9.5.2版本存在安全漏洞，该漏洞源于对文件/base/safe_setting/中参数backup_encryption_password_decrypt/export_encryption_password_decrypt的错误操作，可能导致凭据存储不当。

Description (English)

ZKTeco BioTime is a powerful web-based time and attendance management software for ZKTeco in China. ZKTeco BioTime version 9.0.3, version 9.0.4 and version 9.5.2 contain a security loophole stemming from a mishandling of the document/base/safe setting/modeparameter backup encryption password decrypt/export encryption password decrypt, which may lead to improper storage of the evidence.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

熵基科技

Published

2025-12-28

Last Modified

2026-02-24

References

https://vuldb.com/?submit.711813 https://github.com/ionutluca888/IDOR-POC-ZKBio-Time/tree/main https://vuldb.com/?id.338506 https://vuldb.com/?ctiid.338506 https://access.redhat.com/security/cve/cve-2025-15128