Default Credentials Vulnerability in Ksenia Security Lares Home Automation System
CVE-2025-15111

9.3CRITICAL

Key Information:

Vendor: Ksenia Security S.p.a.
Status: Ksenia Security Lares 4.0 Home Automation
Vendor: CVE Published:; 30 December 2025

🔔 Create Ksenia Security S.p.a. Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-15111?

The Ksenia Security Lares Home Automation version 1.6 is susceptible to a vulnerability that involves default administrative credentials. This weakness permits unauthorized individuals to gain administrative control over the home automation system, potentially leading to significant security breaches. By exploiting the default credentials, attackers can manipulate system settings, access sensitive information, and gain complete oversight of automated processes in a user’s home environment. It is crucial for users of this product to change any default passwords to safeguard against such unauthorized access.

Affected Version(s)

Ksenia Security Lares 4.0 Home Automation 1.6

Ksenia Security Lares 4.0 Home Automation 1.0.0.15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-15111 - Proof of Concept