PT-2025-54262 · Ksenia Security · Ksenia Security Lares 4.0 Home Automation
Mencha Isajlovska
·
Published
2025-12-30
·
Updated
2026-03-11
·
CVE-2025-15114
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Ksenia Security Lares 4.0 Home Automation version 1.6
Description
A critical security flaw exists that exposes the alarm system PIN in the
basisInfo XML file after authentication. An attacker can retrieve the PIN from the server response and bypass security measures to disable the alarm system without further authentication. The affected system is a home automation system.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Ksenia Security Lares 4.0 Home Automation