CVE-2025-15114CRITICAL 9.8EPSS p39.1%

CVE-2025-15114CVE-2025-15114

Description

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.51% probability of exploitation · percentile 39.1% · 2026-06-18T12:00:27Z
Published2025-12-30
Last modified2026-03-11

Underlying weaknesses· 2

CWE-403CWE-668

References

  1. https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability
  2. https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php
  3. https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php

2

TypeTargetConfidenceTier
WeaknessExposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')cwe-4030%live
WeaknessExposure of Resource to Wrong Spherecwe-6680%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-15111
CVE
CVE-2025-15113
CVE
CVE-2025-46414
CVE
CVE-2025-51381
CVE
CVE-2025-67135
CVE
CVE-2025-41648
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.