CVE-2025-15113 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MP…
Critical CVSS: 9.3

CVE-2025-15113

Ksenia Security lares (legacy model) Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system's web server.
Vendor
Kseniasecurity
Product
Lares Firmware
CWE
CWE-256
Yayın Tarihi
2025-12-30 23:15:49
Güncelleme
2026-03-11 20:16:13
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-256 Lares Firmware CRITICAL Kseniasecurity 2025

Referanslar

https://packetstorm.news/files/id/190178/ https://www.kseniasecurity.com/ https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-remote-code-execution-via-mpfs-upload https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5930.php