CVE-2025-15111

CRITICAL 9.8

Ksenia Security lares Home Automation 1.6 Default Credentials Vulnerability

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

CWE	CWE-259
Vendor	ksenia security s.p.a.
Product	lares
Published	Dec 30, 2025
Last Updated	Mar 11, 2026

Stay Ahead of the Next One

Get instant alerts for ksenia security s.p.a. lares

Be the first to know when new critical vulnerabilities affecting ksenia security s.p.a. lares are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Ksenia Security S.p.A. / lares

1.6 1.0.0.15

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5927.php packetstorm.news: https://packetstorm.news/files/id/190180/ kseniasecurity.com: https://www.kseniasecurity.com/ vulncheck.com: https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-default-credentials-vulnerability

Credits

Mencha Isajlovska of Zero Science Lab