CVE-2025-15112

Exploit

EPSS 0.04%
Veröffentlicht 30.12.2025 22:41:46
Zuletzt bearbeitet 20.02.2026 17:25:08
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kseniasecurity ≫ Lares Firmware Version1.6

Kseniasecurity ≫ Lares Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.123

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
disclosure@vulncheck.com	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://www.kseniasecurity.com/

Product

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5928.php

Third Party Advisory

https://packetstorm.news/files/id/190179/

Third Party Advisory

https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-url-redirection-vulnerability

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-15112

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15112

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15112

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15112