CVE 9.3 CRITICAL

Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability_CVE-2025-15114

December 30, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

AI Analysis

Exposure of alarm system PIN due to a critical security flaw in the 'basisInfo' XML file after authentication, allowing attackers to bypass security measures and disable the alarm system.

Basic Information

ID CVE-2025-15114

Source VulnCheck

Published Dec 30, 2025 at 22:41

Affected Product

Vendor Ksenia Security S.p.A.

Product Ksenia Security Lares 4.0 Home Automation

Version 1.6

Affected Versions Ksenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.6
Ksenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.0.0.15

CWE Classification

CWE-403

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Ksenia Security S.p.A.

Product Ksenia Security Lares 4.0 Home Automation

Version 1.6

References

{
    "lastseen": "",
    "description": "Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.",
    "published": "2025-12-30T22:41:47.116Z",
    "modified": "2025-12-30T22:41:47.116Z",
    "type": "cve",
    "title": "Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability",
    "source": "VulnCheck",
    "references": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php\nhttps://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability",
    "id": "CVE-2025-15114",
    "bulletinFamily": "",
    "cwe": [
        "CWE-403"
    ],
    "cvelist": null,
    "sourceData": "Ksenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.6\nKsenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.0.0.15",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Ksenia Security Lares 4.0 Home Automation",
    "version": "1.6",
    "vendor": "Ksenia Security S.p.A.",
    "ai_description": "Exposure of alarm system PIN due to a critical security flaw in the 'basisInfo' XML file after authentication, allowing attackers to bypass security measures and disable the alarm system.",
    "ai_severity": "Critical",
    "ai_vendor": "Ksenia Security S.p.A.",
    "ai_product": "Ksenia Security Lares 4.0 Home Automation",
    "ai_version": "1.6",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply