CVE-2025-15114
Unknown Unknown - Not Provided
Information Disclosure in Ksenia Lares 4.0 Exposes Alarm PIN

Publication date: 2025-12-30

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2025-12-31
EPSS Evaluated
2026-06-14
NVD
CVE-2025-15114
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
ksenia_security lares 4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-403 A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Ksenia Security Lares 4.0 Home Automation version 1.6, where the alarm system PIN is exposed in the 'basisInfo' XML file after authentication. Attackers can retrieve this PIN from the server response, allowing them to bypass security measures and disable the alarm system without needing any additional authentication.

Impact Analysis

The vulnerability allows attackers to obtain the alarm system PIN and disable the alarm without further authentication. This can lead to unauthorized access and control over the security system, potentially compromising the safety and security of the premises protected by the alarm.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15114. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart