CVE-2025-15114

Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability

CVSS 9.3 CRITICALEPSS 0.5%CWE-403

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Ksenia Security S.p.A. · lares

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php