exploitDog

CVE-2025-15114

Опубликовано: 30 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

Ссылки

https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:*

cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00125

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-403

CWE-668

Связанные уязвимости

GHSA-5xw5-83cp-4rjf

CVSS3: 9.8

github

около 1 месяца назад

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

EPSS

Процентиль: 32%

0.00125

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-403

CWE-668