CVE 8.5 HIGH

Ksenia Security Lares 4.0 Home Automation 1.6 Remote Code Execution via MPFS Upload_CVE-2025-15113

December 30, 2025 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.

AI Analysis

Unprotected endpoint vulnerability allowing authenticated attackers to upload MPFS File System binary images, potentially leading to arbitrary code execution on the home automation system's web server

Basic Information

ID CVE-2025-15113

Source VulnCheck

Published Dec 30, 2025 at 22:41

Affected Product

Vendor Ksenia Security S.p.A.

Product Ksenia Security Lares 4.0 Home Automation

Version 1.6

Affected Versions Ksenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.6
Ksenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.0.0.15

CWE Classification

CWE-256

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor Ksenia Security S.p.A.

Product Ksenia Security Lares 4.0 Home Automation

Version 1.6

References

{
    "lastseen": "",
    "description": "Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.",
    "published": "2025-12-30T22:41:46.694Z",
    "modified": "2025-12-30T22:41:46.694Z",
    "type": "cve",
    "title": "Ksenia Security Lares 4.0 Home Automation 1.6 Remote Code Execution via MPFS Upload",
    "source": "VulnCheck",
    "references": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php\nhttps://www.kseniasecurity.com/\nhttps://packetstorm.news/files/id/190178/\nhttps://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-remote-code-execution-via-mpfs-upload",
    "id": "CVE-2025-15113",
    "bulletinFamily": "",
    "cwe": [
        "CWE-256"
    ],
    "cvelist": null,
    "sourceData": "Ksenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.6\nKsenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.0.0.15",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ksenia Security Lares 4.0 Home Automation",
    "version": "1.6",
    "vendor": "Ksenia Security S.p.A.",
    "ai_description": "Unprotected endpoint vulnerability allowing authenticated attackers to upload MPFS File System binary images, potentially leading to arbitrary code execution on the home automation system's web server",
    "ai_severity": "High",
    "ai_vendor": "Ksenia Security S.p.A.",
    "ai_product": "Ksenia Security Lares 4.0 Home Automation",
    "ai_version": "1.6",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply