{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-15114","assignerOrgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","state":"PUBLISHED","assignerShortName":"VulnCheck","dateReserved":"2025-12-27T01:46:45.375Z","datePublished":"2025-12-30T22:41:47.116Z","dateUpdated":"2026-03-11T19:29:49.602Z"},"containers":{"cna":{"providerMetadata":{"orgId":"83251b91-4cc7-4094-a5c7-464a1b83ea10","shortName":"VulnCheck","dateUpdated":"2026-03-11T19:29:49.602Z"},"title":"Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability","datePublic":"2025-03-31T00:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-403","description":"CWE-403 Exposure of file descriptor to unintended control sphere ('file descriptor leak')","type":"CWE"}]}],"affected":[{"vendor":"Ksenia Security S.p.A.","product":"lares","versions":[{"status":"affected","version":"1.6"},{"status":"affected","version":"1.0.0.15"}],"defaultStatus":"unknown"}],"descriptions":[{"lang":"en","value":"Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.</p>"}]}],"tags":["unsupported-when-assigned"],"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php","name":"Zero Science Lab Disclosure (ZSL-2025-5929)","tags":["technical-description","exploit"]},{"url":"https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-pin-exposure-vulnerability","tags":["third-party-advisory"]}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"HIGH","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"CRITICAL","baseScore":9.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"CRITICAL","baseScore":9.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}],"credits":[{"lang":"en","value":"Mencha Isajlovska","type":"finder"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"vulncheck"}},"adp":[{"references":[{"url":"https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-02T14:23:31.058262Z","id":"CVE-2025-15114","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-02T14:38:28.109Z"}}]}}