PT-2025-54261 · Ksenia Security · Ksenia Security Lares
Mencha Isajlovska · Published 2025-12-30 · Updated 2026-03-11 · CVE-2025-15113
CVSS v3.1: 9.3 (Critical)
Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ksenia Security Lares 4.0 Home Automation version 1.6
Description
An authenticated attacker can upload MPFS File System binary images through an unprotected endpoint. This allows overwriting flash program memory and potentially executing arbitrary code on the home automation system's web server. The vulnerable endpoint allows file uploads without proper security checks.
Recommendations
Apply updates to address the unprotected endpoint in version 1.6.
Exploit
Fix
RCE
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Ksenia Security Lares