Today, CISA announced that it had added a path traversal vulnerability in the ZKTeco BioTime product to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was one of four vulnerabilities in that product that Claroty originally reported in July 2023. On April 1st, 2024, an exploit for three of those four vulnerabilities was published on Sploitus.com. In November of 2024, Fortinet published an article that included a discussion (“Exploitation Attempts – BIOTIME-1” page 34) of this vulnerability being actively exploited by Iranian attackers in the Middle East. On May 12th, 2025, ZKTeco published an advisory for two of the four vulnerabilities reported by Claroty, including this one. ZKTeco reported that it has a new version that mitigates those two vulnerabilities.
CISA has ordered federal agencies using BioTime to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”