Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-54465

Summary
Assigner-CERT-In
Assigner Org ID-66834db9-ab24-42b4-be80-296b2e40335c
Published At-13 Aug, 2025 | 11:17
Updated At-13 Aug, 2025 | 13:09
Rejected At-
Credits

Hard-coded Credentials Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:CERT-In
Assigner Org ID:66834db9-ab24-42b4-be80-296b2e40335c
Published At:13 Aug, 2025 | 11:17
Updated At:13 Aug, 2025 | 13:09
Rejected At:
▼CVE Numbering Authority (CNA)
Hard-coded Credentials Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device.

Affected Products
Vendor
ZKTeco Co
Product
WL20 Biometric Attendance System
Default Status
unaffected
Versions
Affected
  • <=ZLM31-FXO1-3.1.8
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798: Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798: Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
4.06.8MEDIUM
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Upgrade ZKTeco WL20 Biometric Attendance System firmware to version ZLM31-FXO1-4.0.3. https://www.zkteco.com/en/Security_Bulletinsibs/20

Configurations
Workarounds
Exploits
Credits
finder
This vulnerability is reported by Shravan Singh from Kavach IoT Security.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172
third-party-advisory
https://www.zkteco.com/en/Security_Bulletinsibs/20
vendor-advisory
Hyperlink: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172
Resource:
third-party-advisory
Hyperlink: https://www.zkteco.com/en/Security_Bulletinsibs/20
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vdisclose@cert-in.org.in
Published At:13 Aug, 2025 | 12:15
Updated At:13 Aug, 2025 | 17:33

This vulnerability exists in ZKTeco WL20 due to hard-coded MQTT credentials and endpoints stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve the hard-coded MQTT credentials and endpoints from the targeted device. Successful exploitation of this vulnerability could allow the attacker to gain unauthorized access to the MQTT broker and manipulate the communications of the targeted device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.8MEDIUM
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-798Primaryvdisclose@cert-in.org.in
CWE ID: CWE-798
Type: Primary
Source: vdisclose@cert-in.org.in
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172vdisclose@cert-in.org.in
N/A
https://www.zkteco.com/en/Security_Bulletinsibs/20vdisclose@cert-in.org.in
N/A
Hyperlink: https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2025-0172
Source: vdisclose@cert-in.org.in
Resource: N/A
Hyperlink: https://www.zkteco.com/en/Security_Bulletinsibs/20
Source: vdisclose@cert-in.org.in
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1Records found
CVE-2025-55279
Matching Score-6
Assigner-Indian Computer Emergency Response Team (CERT-In)
ShareView Details
Matching Score-6
Assigner-Indian Computer Emergency Response Team (CERT-In)
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.51%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 11:23
Updated-13 Aug, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hard-coded Private Key Vulnerability in ZKTeco WL20

This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and analyzing the binary data to retrieve private key stored in the firmware of the targeted device. Successful exploitation of this vulnerability could allow the attacker to perform unauthorized decryption of sensitive data and Man-in-the-Middle (MitM) attacks on the targeted device.

Action-Not Available
Vendor-ZKTeco Co
Product-WL20 Biometric Attendance System
CWE ID-CWE-798
Use of Hard-coded Credentials
Details not found