CVE-2025-15113

9.3 CRITICAL

📋 TL;DR

Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint that allows authenticated attackers to upload MPFS File System binary images. This enables overwriting flash program memory and potentially executing arbitrary code on the system's web server. Affected users are those running the vulnerable home automation software.

💻 Affected Systems

Products:
  • Ksenia Security Lares 4.0 Home Automation
Versions: Version 1.6
Operating Systems: Embedded systems running the Lares software
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access, but default credentials may be in use. The vulnerability is in the web server component.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary code, take control of the home automation system, pivot to other network devices, and potentially cause physical safety risks.

🟠 Likely Case

Remote code execution leading to unauthorized access, data theft, manipulation of home automation controls, and installation of persistent backdoors.

🟢 If Mitigated

Limited impact if proper network segmentation and authentication controls prevent access to the vulnerable endpoint.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication but is straightforward once authenticated. Public proof-of-concept details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: https://www.kseniasecurity.com/

Restart Required: No

Instructions:

No official patch available. Monitor vendor website for updates and apply immediately when released.

🔧 Temporary Workarounds

Network Segmentation (applies to: all)

Isolate the Lares system from untrusted networks and the internet.

Authentication Hardening (applies to: all)

Change default credentials and implement strong authentication policies.

🧯 If You Can't Patch

  • Disable or block access to the vulnerable endpoint via firewall rules.
  • Implement strict network access controls to limit who can reach the Lares system.

🔍 How to Verify

Check if Vulnerable:

Check if running Ksenia Security Lares 4.0 Home Automation version 1.6. Review system logs for unauthorized MPFS upload attempts.

Check Version:

Check system web interface or documentation for version information.

Verify Fix Applied:

Verify system is no longer running version 1.6 or that vendor has released and applied a patch.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to MPFS endpoints
  • Authentication attempts followed by file uploads
  • System reboots or unexpected behavior

Network Indicators:

  • HTTP POST requests to MPFS upload endpoints
  • Traffic to/from the Lares system from unexpected sources

SIEM Query:

source="lares_system" AND url="*mpfs*" AND method="POST"
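
The indicators above can be correlated rather than matched one at a time. The following is an added example, not code from the vendor or from this advisory: it assumes requests to the panel are logged in common log format by a reverse proxy, and the login path, upload path, trusted network and five-minute window are all hypothetical values chosen for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in common log format (assumed to come from a
# reverse proxy in front of the panel). Paths are placeholders, not real ones.
SAMPLE_LOG = """\
192.168.10.5 - - [12/Jan/2026:09:00:01 +0000] "POST /example/login HTTP/1.1" 200 512
192.168.10.5 - - [12/Jan/2026:09:00:40 +0000] "GET /example/status HTTP/1.1" 200 2048
203.0.113.77 - - [12/Jan/2026:09:14:02 +0000] "POST /example/login HTTP/1.1" 200 512
203.0.113.77 - - [12/Jan/2026:09:14:31 +0000] "POST /example/mpfs-image HTTP/1.1" 200 31
192.168.10.5 - - [12/Jan/2026:11:30:00 +0000] "POST /example/MPFS-image HTTP/1.1" 200 31
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" \d{3}'
)
LOGIN_PATH = "/example/login"                              # hypothetical login URL
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]   # assumed admin VLAN
WINDOW = timedelta(minutes=5)                              # login-to-upload gap


def find_mpfs_uploads(log_text):
    """Return one alert per POST whose path contains 'mpfs', with reasons."""
    last_login, alerts = {}, []   # last_login: source IP -> latest login time
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, method, path = m["ip"], m["method"], m["path"]
        if method == "POST" and path == LOGIN_PATH:
            last_login[ip] = ts
            continue
        # Both conditions are required; POST alone would match every form submit.
        if method != "POST" or "mpfs" not in path.lower():
            continue
        reasons = ["mpfs_upload"]
        if ip in last_login and ts - last_login[ip] <= WINDOW:
            reasons.append("login_then_upload")
        if not any(ipaddress.ip_address(ip) in net for net in TRUSTED_NETS):
            reasons.append("unexpected_source")
        alerts.append({"time": ts.isoformat(), "src": ip, "path": path, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_mpfs_uploads(SAMPLE_LOG):
        print(alert)
```

An alert carrying all three reasons is the highest priority; an upload from the trusted network with no recent login still warrants a check against the change record.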
