CVE-2025-15114 – This critical vulnerability in Ksenia Security ... (How to Fix)

Q: What is the severity of CVE-2025-15114?

CVE-2025-15114 has a CVSS score of 9.8 (CRITICAL). This critical vulnerability in Ksenia Security Lares 4.0 Home Automation version 1.6 exposes the alarm system PIN in server responses after authentication. Attackers can retrieve this PIN to bypass security and disable alarm systems without additional authentication. Home and business users of this specific home automation system are affected.

📋 TL;DR

This critical vulnerability in Ksenia Security Lares 4.0 Home Automation version 1.6 exposes the alarm system PIN in server responses after authentication. Attackers can retrieve this PIN to bypass security and disable alarm systems without additional authentication. Home and business users of this specific home automation system are affected.

💻 Affected Systems

Products:

Ksenia Security Lares 4.0 Home Automation

Versions: Version 1.6

Operating Systems: Not specified

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authentication to access the vulnerable endpoint, but the PIN is exposed in the response.

📦 What is this software?

Lares Firmware by Kseniasecurity

View all CVEs affecting Lares Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain unauthorized access to disable alarm systems, potentially enabling physical intrusion, theft, or safety breaches without detection.

🟠

Likely Case

Attackers with network access to the system retrieve the PIN and disable alarms, compromising physical security.

🟢

If Mitigated

With proper network segmentation and access controls, only authorized users can reach the vulnerable endpoint, limiting exposure.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access to retrieve the PIN from the XML response, making it straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Monitor vendor channels for updates and apply immediately when released.

🔧 Temporary Workarounds

Restrict Network Access

all

Limit access to the home automation system to trusted internal networks only, preventing external exploitation.

Monitor and Block Suspicious Requests

all

Implement network monitoring to detect and block repeated requests to the 'basisInfo' endpoint, which may indicate exploitation attempts.

🧯 If You Can't Patch

Isolate the system on a segmented network with strict firewall rules to prevent unauthorized access.
Change default credentials and enforce strong authentication to reduce the risk of attackers gaining the initial access needed to exploit this vulnerability.

🔍 How to Verify

Check if Vulnerable:

Authenticate to the system and check if the 'basisInfo' XML file in server responses contains the alarm PIN in plaintext.

Check Version:

Check the system interface or documentation for the installed version; it should not be 1.6 if fixed.

Verify Fix Applied:

After applying any vendor patch, verify that the PIN is no longer exposed in the 'basisInfo' XML response.

📡 Detection & Monitoring

Log Indicators:

Multiple authentication attempts followed by access to 'basisInfo' endpoint
Unusual requests to retrieve XML files containing PIN data

Network Indicators:

Traffic to the home automation system's 'basisInfo' endpoint from untrusted sources
Patterns of data exfiltration after authentication

SIEM Query:

source_ip IN (untrusted_ips) AND destination_port = [system_port] AND uri CONTAINS 'basisInfo'

📊 Metadata

CVE ID: CVE-2025-15114

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-668

EPSS Score: 0.13% exploit probability (31.9th percentile)

Published: December 30, 2025

Last Updated: February 20, 2026

🔗 References

https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15114, you might also want to check these: