从这个网页截图中可以获取到以下关于漏洞的关键信息: Severity: CRITICAL Date: December 30, 2025 Affecting: Ksenia Security Lares 4.0 Home Automation 1.6, 1.0.0.15 CVE ID: CVE-2025-15114 Vulnerability Type: CWE-403 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') CVSS Score: 8.2/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N References: Zero Science Lab Disclosure (ZSL-2025-5929) Credit: Mencha Isajlovska Description: Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.