Notice Regarding Security Vulnerability in ZKBio CVSecurity 6.4.1

2025-06-10

Dear Valued Customers,

 

This notice is to inform you of a security vulnerability identified in ZKBio CVSecurity version 6.4.1 and below. Please give this matter your attention and take the necessary actions to protect your systems.

 

1. Vulnerability Details

 

Vulnerability Number: CVE-2025-45746

Scope of Impact: ZKBio CVSecurity 6.4.1_R or below

Vulnerability Overview: A hard-coded key exists in the web services controller, and successful exploitation of this vulnerability may result in unauthenticated logins.

 

2. Vulnerability Solution

 

This vulnerability has been addressed in ZKBio CVSecurity versions 6.4.2_R, 6.5.1_R, and above. It is strongly recommended to update to the latest version. The installation package can be downloaded from the official website.

 

Enhance Protection:

Before upgrading, ensure that the system has the necessary protective measures in place, such as closing the extranet-facing ports of the web services controller and restricting access rights.

 

Data Backup:

Before performing an upgrade, it is essential to back up relevant data to prevent data loss.

 

3. Contact Information

 

A. Please email service-af-xm@zkteco.com to obtain the patch package for the fixed version.

B. You may call the ZKTeco customer service hotline at 400-6900-999 to request the patch package for the fixed version.

C. You may also contact the ZKTeco branch in your region to obtain the patch package for the fixed version.

 

We are grateful for your understanding and cooperation as we work to ensure the security of your systems. Thank you for your ongoing support and trust in ZKTeco.

