CVE-2025-45746 — MEDIUM (6.5)

Vulnerability Description

In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and because access to the service console does not result in login access or data access in the context of the application software platform.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Zkteco	Zkbio Cvsecurity	6.4.1_r

Related Weaknesses (CWE)

CWE-321 CWE-798

References

https://github.com/mrojz/ZKT-Bio-CVSecurity/blob/main/CVE-2025-45746.mdExploit

FAQ

What is CVE-2025-45746?

CVE-2025-45746 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this ...

How severe is CVE-2025-45746?

CVE-2025-45746 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-45746?

Check the references section above for vendor advisories and patch information. Affected products include: Zkteco Zkbio Cvsecurity.