VYPR
Unrated severityNVD Advisory· Published Dec 30, 2025· Updated Mar 11, 2026

Ksenia Security lares Home Automation 1.6 URL Redirection Vulnerability

CVE-2025-15112

Description

Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.