CVE-2025-15113

Опубликовано: 30 дек. 2025

Источник: nvd

CVSS3: 9.3

CVSS3: 9.8

EPSS Низкий

Описание

Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.

Ссылки

https://packetstorm.news/files/id/190178/
Third Party Advisory
https://www.kseniasecurity.com/
Product
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-remote-code-execution-via-mpfs-upload
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:*

cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00069

Низкий

9.3 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-256

CWE-522

Связанные уязвимости

GHSA-g772-q552-ggr6

CVSS3: 7.8

github

около 1 месяца назад

EPSS

Процентиль: 21%

0.00069

Низкий

9.3 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-256

CWE-522