Description

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

PUBLISHED Reserved 2025-12-27 | Published 2025-12-30 | Updated 2026-02-20 | Assigner VulnCheck




CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

CRITICAL: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Problem types

Use of Hard-coded Credentials

Product status

Default status: unaffected

1.6: affected

1.0.0.15: affected

Credits

Mencha Isajlovska of Zero Science Lab (finder)

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php exploit

www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php (Zero Science Lab Disclosure (ZSL-2025-5927)) third-party-advisory

packetstorm.news/files/id/190180/ (Packet Storm Security Exploit Entry) exploit

www.kseniasecurity.com/ (Ksenia Security Vendor Homepage) product

www.vulncheck.com/...ation-default-credentials-vulnerability third-party-advisory

cve.org (CVE-2025-15111)

nvd.nist.gov (CVE-2025-15111)
