CVE-2025-15114

EPSS 0.13%
Veröffentlicht 30.12.2025 22:41:47
Zuletzt bearbeitet 20.02.2026 17:25:08
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kseniasecurity ≫ Lares Firmware Version1.6

Kseniasecurity ≫ Lares Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.321

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php

Third Party Advisory

https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-15114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-15114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-15114

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-15114