CVE-2025-15111

Summary

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

Affected Software

VendorProductVersion RangeStatus
Ksenia Security S.p.A.lares1.6affected
Ksenia Security S.p.A.lares1.0.0.15affected

Weaknesses

  • CWE-259: CWE-259 Use of hard-coded password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References