CVE-2025-15111 CRITICAL

CVE-2025-15111: Ksenia Security lares Home Automation 1.6 Default Credentials Vulnerability

Vendor Ksenia Security S.p.a.
Product lares
Weakness CWE-259
Published December 30, 2025
Last update March 11, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Ksenia Security lares (legacy model) version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full control of the home automation system.

Key dates

02Disclosure timeline

December 30, 2025 CVE published
March 11, 2026 Record updated