CVE-2025-15113 – Ksenia Security Lares 4.0 Home Automation 1.6 Remote Code Execution via MPFS Upload

CVE ID : CVE-2025-15113

Published : Dec. 30, 2025, 11:15 p.m. | 1 hour, 8 minutes ago

Description : Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system’s web server.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…