Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2025-15114

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 month ago
@LeSuisse removed
5 packages
- flaresolverr
- tests.arrayUtilities.isDeclaredMap.sameScopeDeclareSingletonMap
- tests.arrayUtilities.isDeclaredArray.sameScopeDeclareSingletonArray
- tests.arrayUtilities.isDeclaredMap.previousScopeDeclareSingletonMapFails
- tests.arrayUtilities.isDeclaredArray.previousScopeDeclareSingletonArrayFails
1 month ago
@LeSuisse dismissed 1 month ago

Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a critical security flaw that exposes the alarm system PIN in the 'basisInfo' XML file after authentication. Attackers can retrieve the PIN from the server response to bypass security measures and disable the alarm system without additional authentication.

References

Zero Science Lab Disclosure (ZSL-2025-5929) third-party-advisory
VulnCheck Advisory: Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability third-party-advisory
Zero Science Lab Disclosure (ZSL-2025-5929) third-party-advisory
VulnCheck Advisory: Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php exploit
Zero Science Lab Disclosure (ZSL-2025-5929) technical-description exploit
VulnCheck Advisory: Ksenia Security Lares 4.0 Home Automation 1.6 PIN Exposure Vulnerability third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2025-5929.php exploit

Affected products

lares

==1.6
==1.0.0.15

Ksenia Security Lares 4.0 Home Automation

==1.6
==1.0.0.15

Ignored packages (5)

pkgs.flaresolverr

Proxy server to bypass Cloudflare protection

nixos-unstable 3.4.6
- nixpkgs-unstable 3.4.6
- nixos-unstable-small 3.4.6
nixos-25.11 3.4.3
- nixos-25.11-small 3.4.3
- nixpkgs-25.11-darwin 3.4.3

pkgs.tests.arrayUtilities.isDeclaredMap.sameScopeDeclareSingletonMap

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.arrayUtilities.isDeclaredArray.sameScopeDeclareSingletonArray

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.arrayUtilities.isDeclaredMap.previousScopeDeclareSingletonMapFails

A wrapper around testers.testBuildFailure to simplify common use cases

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.arrayUtilities.isDeclaredArray.previousScopeDeclareSingletonArrayFails

A wrapper around testers.testBuildFailure to simplify common use cases

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Not present in nixpkgs