{"id":75203,"date":"2025-12-31T02:45:49","date_gmt":"2025-12-30T23:15:49","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-15113-ksenia-security-lares-4-0-home-automation-1-6-remote-code-execution-via-mpfs-upload\/"},"modified":"2025-12-31T02:45:49","modified_gmt":"2025-12-30T23:15:49","slug":"cve-2025-15113-ksenia-security-lares-4-0-home-automation-1-6-remote-code-execution-via-mpfs-upload","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-15113-ksenia-security-lares-4-0-home-automation-1-6-remote-code-execution-via-mpfs-upload\/","title":{"rendered":"CVE-2025-15113 &#8211; Ksenia Security Lares 4.0 Home Automation 1.6 Remote Code Execution via MPFS Upload"},"content":{"rendered":"<p>CVE ID : CVE-2025-15113<\/p>\n<p>Published :  Dec. 30, 2025, 11:15 p.m. | 1\u00a0hour, 8\u00a0minutes ago<\/p>\n<p>Description : Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on the home automation system&#8217;s web server.<\/p>\n<p>Severity: 8.5 | HIGH<\/p>\n<p>Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-15113 Published : Dec. 30, 2025, 11:15 p.m. | 1\u00a0hour, 8\u00a0minutes ago Description : Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-75203","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/75203","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=75203"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/75203\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=75203"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=75203"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=75203"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}