CVE-2025-15113— Ksenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload

CVSS 8.4 · High EPSS 0.03% · P8 Updated Mar 12, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-15113

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Ksenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload

Source: NVD (National Vulnerability Database)

Vulnerability Description

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

明文存储口令

Source: NVD (National Vulnerability Database)

Vulnerability Title

Ksenia Security Lares 4.0 Home Automation 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Ksenia Security Lares 4.0 Home Automation是意大利Ksenia Security公司的一款智慧安防与家庭自动化控制平台。 Ksenia Security Lares 4.0 Home Automation 1.6版本存在安全漏洞，该漏洞源于未受保护的端点，可能导致经过身份验证的攻击者上传MPFS文件系统二进制映像，进而执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Ksenia Security S.p.A.	lares	1.6	-

II. Public POCs for CVE-2025-15113

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-15113

请登录查看更多情报信息。

Same Patch Batch · Ksenia Security S.p.A. · 2025-12-30 · 4 CVEs total

CVE-2025-15114	9.8 CRITICAL	Ksenia Security lares Home Automation 1.6 PIN Exposure Vulnerability
CVE-2025-15111	9.8 CRITICAL	Ksenia Security lares Home Automation 1.6 Default Credentials Vulnerability
CVE-2025-15112	5.4 MEDIUM	Ksenia Security lares Home Automation 1.6 URL Redirection Vulnerability

IV. Related Vulnerabilities

Same product: lares

Same vendor: Ksenia Security S.p.A.

Same weakness: CWE-256

V. Comments for CVE-2025-15113

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-15113— Ksenia Security lares Home Automation 1.6 Remote Code Execution via MPFS Upload

I. Basic Information for CVE-2025-15113

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-15113

III. Intelligence Information for CVE-2025-15113

Same Patch Batch · Ksenia Security S.p.A. · 2025-12-30 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-15113

Leave a comment