CVE-2025-15114

EUVD-2025-205861
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
Affected Products (NVD)
VendorProductVersion
kseniasecuritylares_firmware
1.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php