ByteOS Network

NVD Vulnerability Details :

CVE-2025-45746

Modified

Source-cve@mitre.org

Published At-13 May, 2025 | 19:15

Updated At-21 May, 2025 | 14:15

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CPE Matches

ZKTeco Co., Ltd.

>>zkbio_cvsecurity>>6.4.1_r

cpe:2.3:a:zkteco:zkbio_cvsecurity:6.4.1_r:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-321	Secondary	cve@mitre.org
CWE-798	Primary	nvd@nist.gov

CWE ID: CWE-321

Type: Secondary

Source: cve@mitre.org

CWE ID: CWE-798

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2025-45746.md	cve@mitre.org	Exploit

Hyperlink: https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2025-45746.md

Source: cve@mitre.org

Resource:

Exploit

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History