CVE-2025-15113 · CRITICAL 9.3 · EPSS p34.5%

Description

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.

Scoring

CVSS 3.1: 9.3 (CRITICAL)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.43% probability of exploitation · percentile 34.5% · 2026-06-18T12:00:27Z
Published: 2025-12-30
Last modified: 2026-03-11

Underlying weaknesses · 2

CWE-256, CWE-522

References

  1. https://packetstorm.news/files/id/190178/
  2. https://www.kseniasecurity.com/
  3. https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-remote-code-execution-via-mpfs-upload
  4. https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Plaintext Storage of a Password (cwe-256) | 0% | live |
| Weakness | Insufficiently Protected Credentials (cwe-522) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-15111
  2. CVE-2025-15114
  3. CVE-2025-41651
  4. CVE-2025-54762
  5. CVE-2025-41758
  6. CVE-2025-41765

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.