CVE-2025-15112
Open Redirect Vulnerability in Ksenia Security Lares 4.0 cmdOk.xml
Publication date: 2025-12-30
Last updated on: 2026-03-11
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ksenia_security | lares | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a URL redirection flaw in Ksenia Security Lares 4.0 version 1.6, specifically in the 'cmdOk.xml' script. It allows attackers to manipulate the 'redirectPage' GET parameter to craft malicious links. When an authenticated user clicks on such a specially constructed link hosted on a trusted domain, they can be redirected to arbitrary, potentially malicious websites.
How can this vulnerability impact me?
The vulnerability can lead to users being redirected to malicious websites without their knowledge, which can result in phishing attacks, malware infections, or other security breaches. Since the redirection occurs after clicking a link on a trusted domain, users may be more likely to trust the link, increasing the risk of compromise.
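A defensive check for the pattern described above, as an added example that is not part of the original advisory or any vendor code: it scans web or proxy access logs for `cmdOk.xml` requests whose `redirectPage` value points off-site. The combined log format, the request path prefix, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (combined log format, documentation-range IPs,
# placeholder hosts). Not captured from a real device.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Mar/2026:10:02:11 +0000] "GET /cmdOk.xml?redirectPage=/index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [11/Mar/2026:10:05:37 +0000] "GET /cmdOk.xml?redirectPage=https%3A%2F%2Fexample.org%2F HTTP/1.1" 200 0',
    '198.51.100.7 - - [11/Mar/2026:10:09:02 +0000] "GET /cmdOk.xml?redirectPage=//example.net/a HTTP/1.1" 200 0',
    '192.0.2.10 - - [11/Mar/2026:10:11:45 +0000] "GET /status.xml HTTP/1.1" 200 90',
]

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')


def is_external_target(value):
    """Return True when a redirectPage value would leave the serving origin."""
    v = value.strip().replace("\\", "/")  # browsers treat "\" like "/"
    if v.startswith("//"):                # scheme-relative URL
        return True
    try:
        parts = urlsplit(v)
    except ValueError:                    # unparseable value: flag for review
        return True
    return bool(parts.scheme or parts.netloc)


def flag_redirects(lines):
    """Return (client_ip, decoded_target) for each suspicious cmdOk.xml request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith("cmdok.xml"):
            continue
        # parse_qs percent-decodes values, so encoded schemes are caught too.
        for target in parse_qs(url.query).get("redirectPage", []):
            if is_external_target(target):
                hits.append((line.split()[0], target))
    return hits


if __name__ == "__main__":
    for ip, target in flag_redirects(SAMPLE_LOG):
        print(f"{ip} requested cmdOk.xml with off-site redirectPage={target}")
```

The same `is_external_target` logic can back a reverse-proxy rule that rejects requests to `cmdOk.xml` unless `redirectPage` is a same-origin relative path.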