
Description

Ksenia Security Lares 4.0 version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft a malicious link, hosted on a trusted domain, that redirects authenticated users to arbitrary websites when they click it.

PUBLISHED Reserved 2025-12-27 | Published 2025-12-30 | Updated 2025-12-30 | Assigner VulnCheck




MEDIUM: 5.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

HIGH: 8.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

URL Redirection to Untrusted Site ('Open Redirect')

Product status

1.6: affected

1.0.0.15: affected

Credits

Mencha Isajlovska of Zero Science Lab (finder)

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5928.php (Zero Science Lab Disclosure (ZSL-2025-5928)) third-party-advisory

packetstorm.news/files/id/190179/ (Packet Storm Security Exploit Entry) exploit

www.kseniasecurity.com/ (Ksenia Security Vendor Homepage) product

www.vulncheck.com/...utomation-url-redirection-vulnerability (VulnCheck Advisory: Ksenia Security Lares 4.0 Home Automation 1.6 URL Redirection Vulnerability) third-party-advisory

cve.org (CVE-2025-15112)

nvd.nist.gov (CVE-2025-15112)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.