CVE-2025-15114

Ksenia Security · Lares 4.0

The Ksenia Security Lares 4.0 alarm system exposes the user PIN in an XML file response, allowing authenticated attackers to retrieve credentials and disable the alarm.

Executive summary

An information disclosure vulnerability in Ksenia Security Lares 4.0 allows authenticated users to retrieve the system PIN, enabling unauthorized alarm system modification.

Vulnerability

The application insecurely exposes the alarm system PIN within the 'basisInfo' XML file during a server response. While the vulnerability requires authentication, it permits a user to retrieve sensitive security credentials and bypass secondary authorization mechanisms.

Business impact

A CVSS score of 9.8 highlights the critical nature of this flaw, as it undermines the fundamental security purpose of the alarm system. Successful exploitation allows an attacker to disable security monitoring, potentially facilitating physical theft or unauthorized access to the premises protected by the Lares 4.0 system.

Remediation

Immediate Action: Restrict access to administrative interfaces and monitor user account activity for signs of unauthorized access or privilege escalation.

Proactive Monitoring: Audit access logs for any requests involving the 'basisInfo' XML file and investigate any suspicious activity from authorized user accounts.

Compensating Controls: Implement strict network-level access controls to limit which users can reach the alarm management interface, and enforce multi-factor authentication (MFA) where supported.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations should treat this as a high-severity issue, as it effectively nullifies the security provided by the alarm system. Contact Ksenia Security immediately for remediation guidance or firmware updates to prevent unauthorized credential retrieval.