CVE-2025-15113

Exploit

EPSS 0.07%
Veröffentlicht 30.12.2025 22:41:46
Zuletzt bearbeitet 19.02.2026 20:25:24
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kseniasecurity ≫ Lares Firmware Version1.6

Kseniasecurity ≫ Lares Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.213

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosure@vulncheck.com	9.3	2.5	6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

https://www.kseniasecurity.com/

Product

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php

Third Party Advisory

https://packetstorm.news/files/id/190178/

Third Party Advisory

https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-remote-code-execution-via-mpfs-upload

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-15113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15113

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15113