URL Redirection Vulnerability in Ksenia Security Lares Home Automation System
CVE-2025-15112

5.1MEDIUM

Key Information:

Vendor: Ksenia Security S.p.a.
Status: Ksenia Security Lares 4.0 Home Automation
Vendor: CVE Published:; 30 December 2025

🔔 Create Ksenia Security S.p.a. Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-15112?

Ksenia Security's Lares 4.0 version 1.6 is susceptible to a URL redirection flaw within the 'cmdOk.xml' script. This vulnerability enables attackers to exploit the 'redirectPage' GET parameter, allowing them to generate malicious links. When a user, who is authenticated, clicks on such a link from a seemingly trusted domain, they can be redirected to arbitrary websites, potentially compromising their personal information or leading to further security issues.

Affected Version(s)

Ksenia Security Lares 4.0 Home Automation 1.6

Ksenia Security Lares 4.0 Home Automation 1.0.0.15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-15112 - Proof of Concept