CVE-2025-15112

5.4 MEDIUM

📋 TL;DR

This vulnerability in Ksenia Security Lares 4.0 version 1.6 allows attackers to craft malicious links that redirect authenticated users to arbitrary external websites via manipulation of the 'redirectPage' GET parameter in the 'cmdOk.xml' script. It affects users of this specific home automation software version, potentially leading to phishing or further attacks.

💻 Affected Systems

Products:
  • Ksenia Security Lares 4.0
Versions: Version 1.6
Operating Systems: Not specified, likely cross-platform for the software
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in the default configuration of the affected version.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could redirect users to malicious sites for credential theft, malware delivery, or social engineering, compromising user accounts and systems.

🟠 Likely Case

Phishing attacks where users are tricked into visiting fake login pages or malicious content, leading to credential harvesting.

🟢 If Mitigated

Limited impact if users are trained to avoid suspicious links and web filters block known malicious domains.

🌐 Internet-Facing: MEDIUM, as the vulnerability requires a trusted domain to host the malicious link, but internet exposure increases attack surface.
🏢 Internal Only: LOW, as exploitation typically relies on user interaction with crafted links, which is less likely in isolated internal networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated users to click a crafted link; public proof-of-concept details are available in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.kseniasecurity.com/

Restart Required: No

Instructions:

Check vendor website for updates; no official patch identified in provided references.

🔧 Temporary Workarounds

Input Validation and Sanitization (applies to: all)

Implement server-side validation that restricts the 'redirectPage' parameter to trusted URLs, or block external domains outright.

Modify 'cmdOk.xml' script to validate redirect URLs against an allowlist.

Web Application Firewall (WAF) Rules (applies to: all)

Configure WAF to block requests with suspicious 'redirectPage' parameters or external URLs.

Add a custom rule to detect and block patterns such as 'redirectPage=http://external-domain'.

🧯 If You Can't Patch

  • Educate users to avoid clicking on untrusted links and enable browser security features to warn about redirects.
  • Monitor network traffic for unusual outbound connections to unknown domains and implement URL filtering.

🔍 How to Verify

Check if Vulnerable:

Test by accessing 'cmdOk.xml' with a crafted 'redirectPage' parameter pointing to an external site and checking whether the redirection occurs.

Check Version:

Check the software version in the application interface or configuration files; for Lares 4.0, the version should be displayed in the admin panel.

Verify Fix Applied:

After applying workarounds, retest the redirection to ensure it is blocked or validated properly.

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing access to 'cmdOk.xml' with 'redirectPage' parameter containing external URLs.
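The following is an added example, not code from Ksenia Security or the Lares 4.0 product: it implements the allowlist check described under the Input Validation workaround above (covering protocol-relative, backslash and userinfo forms that a plain "starts with http" filter misses) and applies the same check to web-server log lines to surface the log indicator listed here. The trusted host name and the log lines are constructed assumptions.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: the host names under which the Lares 4.0 panel is served.
TRUSTED_HOSTS = {"lares.example.internal"}

def is_safe_redirect(value, trusted_hosts=TRUSTED_HOSTS):
    """Accept a redirectPage value only if it is a site-local path or an
    http(s) URL on a trusted host; reject everything else."""
    target = unquote(value).strip()
    # Backslashes and control characters: browsers treat '\' as '/', and
    # CR/LF in a Location header would split the response.
    if not target or any(c in target for c in "\\\r\n\t"):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: only http(s) to a trusted
        # host, and no userinfo (the 'trusted-host@other-host' form).
        return (parts.scheme in ("http", "https")
                and parts.hostname in trusted_hosts
                and parts.username is None)
    # Relative reference: one leading '/'; '//' or '///' resolve to
    # another host in browsers even though urlsplit sees no netloc.
    return target.startswith("/") and not target.startswith("//")

def flag_log_lines(lines, trusted_hosts=TRUSTED_HOSTS):
    """Return (line, value) pairs for requests to cmdOk.xml whose
    redirectPage value would send the browser off-site."""
    hits = []
    for line in lines:
        try:  # common log format: "METHOD /path?query HTTP/x" in quotes
            path = line.split('"')[1].split()[1]
        except IndexError:
            continue
        url = urlsplit(path)
        if not url.path.endswith("/cmdOk.xml"):
            continue
        for value in parse_qs(url.query).get("redirectPage", []):
            if not is_safe_redirect(value, trusted_hosts):
                hits.append((line, value))
    return hits

# Constructed web-server log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "GET /cmdOk.xml?redirectPage=/home.xml HTTP/1.1" 302 0',
    '10.0.0.7 - - [01/Jan/2025:10:00:05 +0000] "GET /cmdOk.xml?redirectPage=https://lares.example.internal/zones.xml HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2025:10:00:09 +0000] "GET /cmdOk.xml?redirectPage=%2F%2Fphish.example HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2025:10:00:12 +0000] "GET /cmdOk.xml?redirectPage=http://phish.example/login HTTP/1.1" 302 0',
    '10.0.0.2 - - [01/Jan/2025:10:00:20 +0000] "GET /index.xml HTTP/1.1" 200 512',
]
```

Running `flag_log_lines(SAMPLE_LOG)` returns the two lines from 10.0.0.9; the same `is_safe_redirect` check can sit in front of the redirect in the application itself.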

Network Indicators:

  • Outbound HTTP/HTTPS requests to unfamiliar domains following access to the vulnerable script.

SIEM Query:

Example: 'source="*cmdOk.xml*" AND query="*redirectPage=*" | stats count by dest_ip'

🔗 References