CVE-2025-15114
Unknown Unknown - Not Provided

Information Disclosure in Ksenia Lares 4.0 Exposes Alarm PIN

Vulnerability report for CVE-2025-15114, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-30

Last updated on: 2026-03-11

Assigner: VulnCheck

Description

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-30
Last Modified
2026-03-11
Generated
2026-07-06
AI Q&A
2025-12-31
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
ksenia_security lares 4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-403 A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Ksenia Security Lares 4.0 Home Automation version 1.6, where the alarm system PIN is exposed in the 'basisInfo' XML file after authentication. Attackers can retrieve this PIN from the server response, allowing them to bypass security measures and disable the alarm system without needing any additional authentication.

Impact Analysis

The vulnerability allows attackers to obtain the alarm system PIN and disable the alarm without further authentication. This can lead to unauthorized access and control over the security system, potentially compromising the safety and security of the premises protected by the alarm.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15114. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart