5.4
CVE-2025-15112
- EPSS 0.23%
- Veröffentlicht 30.12.2025 22:41:46
- Zuletzt bearbeitet 11.03.2026 20:16:13
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginKsenia Security lares Home Automation 1.6 URL Redirection Vulnerability
Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kseniasecurity ≫ Lares Firmware Version1.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.14 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| disclosure@vulncheck.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://www.kseniasecurity.com/
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5928.php
https://packetstorm.news/files/id/190179/
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-url-redirection-vulnerability