CVE-2025-15112

Medium CVSS: 5.1

Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.

Vendor

Kseniasecurity

Product

Lares Firmware

CWE

CWE-601

Yayın Tarihi

2025-12-30 23:15:49

Güncelleme

2026-03-11 20:16:13

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-601 Lares Firmware MEDIUM Kseniasecurity 2025

Referanslar

https://packetstorm.news/files/id/190179/ https://www.kseniasecurity.com/ https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-url-redirection-vulnerability https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5928.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5928.php

Benzer Kayıtlar

Critical

CVE-2025-15114

Ksenia Security lares (legacy model) Home Automation version 1.6 contains a critical security flaw that exposes the alar…

Critical

CVE-2025-15111

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized a…

Critical

CVE-2025-15113

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that all…