{“lastseen”:””,”description”:”Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system’s web server.”,”published”:”2025-12-30T22:41:46.694Z”,”modified”:”2025-12-30T22:41:46.694Z”,”type”:”cve”,”title”:”Ksenia Security Lares 4.0 Home Automation 1.6 Remote Code Execution via MPFS Upload”,”source”:”VulnCheck”,”references”:”https:\/\/www.zeroscience.mk\/en\/vulnerabilities\/ZSL-2025-5930.php\\nhttps:\/\/www.kseniasecurity.com\/\\nhttps:\/\/packetstorm.news\/files\/id\/190178\/\\nhttps:\/\/www.vulncheck.com\/advisories\/ksenia-security-lares-home-automation-remote-code-execution-via-mpfs-upload”,”id”:”CVE-2025-15113″,”bulletinFamily”:””,”cwe”:[“CWE-256″],”cvelist”:null,”sourceData”:”Ksenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.6\\nKsenia Security S.p.A. Ksenia Security Lares 4.0 Home Automation 1.0.0.15″,”sourceHref”:””,”cvss”:{“score”:8.5,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:L\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Ksenia Security Lares 4.0 Home Automation”,”version”:”1.6″,”vendor”:”Ksenia Security S.p.A.”,”ai_description”:”Unprotected endpoint vulnerability allowing authenticated attackers to upload MPFS File System binary images, potentially leading to arbitrary code execution on the home automation system’s web server”,”ai_severity”:”High”,”ai_vendor”:”Ksenia Security S.p.A.”,”ai_product”:”Ksenia Security Lares 4.0 Home Automation”,”ai_version”:”1.6″,”ai_score”:8.5}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,44,12,15,13,7,11,5],"class_list":["post-33365","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-85","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n