CVE-2025-15114
CRITICALDescription
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| kseniasecurity | lares_firmware |
| kseniasecurity | lares |
References
Frequently Asked Questions
What is CVE-2025-15114? +
How severe is CVE-2025-15114? +
What products are affected by CVE-2025-15114? +
How do I check if I'm vulnerable to CVE-2025-15114? +
Related Vulnerabilities
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP …
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 …
Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability …
Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. …
Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload …
Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to …