CVE-2025-15111

EUVD-2025-205864
Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
Affected Products (NVD)
VendorProductVersion
kseniasecuritylares_firmware
1.6
𝑥
= Vulnerable software versions
References
https://packetstorm.news/files/id/190180/
https://www.kseniasecurity.com/
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-default-credentials-vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php