CVE-2025-15111

CRITICAL

Kseniasecurity Lares Firmware - Hard-coded Credentials

Description

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

Scores

CVSS v3 9.8
EPSS 0.0003
EPSS Percentile 10.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-259
Status published
Products (1)
kseniasecurity/lares_firmware 1.6
Published Dec 30, 2025
Tracked Since Feb 18, 2026