CVE-2025-45746 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Sup…
Medium CVSS: 6.5

CVE-2025-45746

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.
Vendor
Zkteco
Product
Zkbio Cvsecurity
CWE
CWE-321
Yayın Tarihi
2025-05-13 19:15:51
Güncelleme
2025-05-21 14:15:31
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-321 Zkbio Cvsecurity MEDIUM Zkteco 2025

Referanslar

https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2025-45746.md