What type of vulnerability is CVE-2023-38950?

CVE-2023-38950 is a path traversal vulnerability in the iclock API with a CVSS score of 7.5. It allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.

What can attackers do with the CVE-2023-38950 vulnerability?

The path traversal vulnerability allows unauthenticated attackers to read arbitrary files from the affected ZKTeco BioTime systems by supplying crafted payloads to the iclock API.

What sectors are being targeted by the ZKTeco BioTime attacks?

Iranian state-sponsored hackers are using this vulnerability to target critical infrastructure organizations in the Middle East.

What should organizations using ZKTeco BioTime do?

Organizations using ZKTeco BioTime are advised to apply available patches immediately and use security scanners to check whether their systems are internet-facing, which increases the risk of exploitation.

Why is internet exposure particularly dangerous for ZKTeco BioTime systems?

Internet-facing ZKTeco BioTime systems are at increased risk because the CVE-2023-38950 vulnerability can be exploited by unauthenticated attackers remotely, making publicly accessible systems prime targets for exploitation.

What is the CVSS score for the ZKTeco BioTime vulnerability?

CVE-2023-38950 has been assigned a CVSS score of 7.5, classifying it as a high-severity vulnerability.

Attack

CISA warns of ZKTeco BioTime flaw actively exploited in State-Sponsored attacks

Q: What vulnerability has CISA added to its Known Exploited Vulnerabilities catalog?

CISA has added CVE-2023-38950, a high-severity vulnerability affecting ZKTeco BioTime, to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild.

Q: Who is actively exploiting the ZKTeco BioTime vulnerability?

The vulnerability has been actively exploited by Iranian state-sponsored hackers targeting critical infrastructure in the Middle East.

published: June 4, 2025

Take action: If you are using ZKTeco BioTime time to patch it. The attackers targeting these systems are well funded and skilled. Check for any indicators of compromise and patch ASAP!

Learn More

CISA has added a high-severity vulnerability affecting ZKTeco BioTime to its Known Exploited Vulnerabilities (KEV) catalog following evidence of active exploitation in the wild.

BioTime is a web-based time and attendance management software that integrates with biometric authentication devices and provides connectivity to thousands of ZKTeco's standalone devices through various communication channels including Ethernet, WiFi, 3G, and 4G networks.

The vulnerability is tracked as CVE-2023-38950 (CVSS score 7.5), is a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload.

Apparently, it has been actively exploited by Iranian state-sponsored hackers targeting critical infrastructure in the Middle East. Organizations using ZKTeco BioTime are advised to apply available patches and use security scanners to check whether their systems are internet-facing, which increases the risk of exploitation.

CISA warns of ZKTeco BioTime flaw actively exploited in State-Sponsored attacks

Read More
CISA reports active exploitation of Mitel MiCollab flaws
CISA reports critical Apache HTTP Server flaw actively …
CISA warns of critical Fortinet RCE actively exploited
FBI warns that Barracuda ESG appliances should be …
Critical vBulletin Pre-Authentication remote code execution flaws actively …