CVE-2025-15111 · CRITICAL 9.8 · EPSS p40.5%

Description

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% probability of exploitation · percentile 40.5% · 2026-06-18T12:00:27Z
Published: 2025-12-30
Last modified: 2026-03-11

Underlying weaknesses · 1

CWE-259

References

  1. https://packetstorm.news/files/id/190180/
  2. https://www.kseniasecurity.com/
  3. https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-default-credentials-vulnerability
  4. https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php

Type: Weakness
Target: Use of Hard-coded Password (cwe-259)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-15114
CVE-2025-15113
CVE-2025-41656
CVE-2026-26366
CVE-2025-51381
CVE-2026-26341
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.