CVE-2025-15111

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-15111

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

K

senia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

References
Link Resource
https://packetstorm.news/files/id/190180/ Third Party Advisory
https://www.kseniasecurity.com/ Product
https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-default-credentials-vulnerability Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php Exploit Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:*
cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:*
History

19 Feb 2026, 20:25

Type Values Removed Values Added
Summary (en) Ksenia Security Lares 4.0 Home Automation version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system. (en) Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.
CWE CWE-798

16 Jan 2026, 19:16

Type Values Removed Values Added
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php - Third Party Advisory, Exploit () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 9.8

13 Jan 2026, 21:43

Type Values Removed Values Added
References () https://packetstorm.news/files/id/190180/ - () https://packetstorm.news/files/id/190180/ - Third Party Advisory
References () https://www.kseniasecurity.com/ - () https://www.kseniasecurity.com/ - Product
References () https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-default-credentials-vulnerability - () https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-default-credentials-vulnerability - Third Party Advisory
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php - Third Party Advisory, Exploit
First Time Kseniasecurity
Kseniasecurity lares
Kseniasecurity lares Firmware
CPE cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:*
cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:*

02 Jan 2026, 15:15

Type Values Removed Values Added
References () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php - () https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php -

30 Dec 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-12-30 23:15

Updated : 2026-02-19 20:25

NVD link : CVE-2025-15111

Mitre link : CVE-2025-15111

CVE.ORG link : CVE-2025-15111

JSON object : View

Products Affected

kseniasecurity

CWE

No CWE.