CNNVD-202512-5038 Information

Dec 30, 2025 cve

CNNVD ID

CNNVD-202512-5038

CVE-2025-15112

CNNVD Published: 2025-12-30

Description (Chinese)

Ksenia Security Lares 4.0 Home Automation是意大利Ksenia Security公司的一款智慧安防与家庭自动化控制平台。 Ksenia Security Lares 4.0 Home Automation 1.6版本存在输入验证错误漏洞，该漏洞源于cmdOk.xml脚本中对redirectPage GET参数的操作，可能导致URL重定向攻击。

Description (English)

Ksenia Security Lares 4.0 Home Automation is a smart, home-based control platform for Ksenia Security, Italy. Version 1.6 of Ksenia Security Lares 4.0 Home Automation contains an input authentication error that arises from the operation of redirectPage GET parameters in cmdok.xml scripts, which may lead to a re-directional attack on URLs.

Hazard Level

Medium

Vulnerability Type

输入验证错误

Affected Vendor

Ksenia Security

Published

2025-12-30

Last Modified

2026-02-24

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5928.php https://www.kseniasecurity.com/ https://packetstorm.news/files/id/190179/ https://www.vulncheck.com/advisories/ksenia-security-lares-home-automation-url-redirection-vulnerability

Share on: