CVE-2025-15112: CWE-601 URL redirection to untrusted site ('open redirect') in Ksenia Security S.p.A. lares
Ksenia Security lares (legacy model) version 1.6 contains a URL redirection vulnerability in the 'cmdOk.xml' script that allows attackers to manipulate the 'redirectPage' GET parameter. Attackers can craft malicious links that redirect authenticated users to arbitrary websites when clicking on a specially constructed link hosted on a trusted domain.
AI Analysis
Technical Summary
CVE-2025-15112 identifies an open redirect vulnerability classified under CWE-601 in Ksenia Security S.p.A.'s lares legacy model, specifically versions 1.6 and 1.0.0.15. The vulnerability resides in the 'cmdOk.xml' script, where the 'redirectPage' GET parameter is not properly validated or sanitized, allowing an attacker to manipulate it to redirect users to arbitrary external URLs. This flaw enables attackers to craft malicious links that appear to originate from a trusted domain but redirect authenticated users to potentially harmful websites. The vulnerability does not require any authentication or privileges and can be exploited remotely with only user interaction (clicking the malicious link). The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:A), and no impact on confidentiality, integrity, or availability (VC:N/VI:N/VA:N). Although no known exploits are currently reported, the vulnerability can be leveraged in phishing campaigns or social engineering attacks to deceive users into visiting malicious sites, potentially leading to credential theft or malware infection. The lack of patches or official remediation guidance necessitates immediate attention from organizations using these affected versions. The vulnerability's medium severity rating reflects the moderate risk posed by the ease of exploitation combined with limited direct impact on system security.
Potential Impact
The primary impact of CVE-2025-15112 is that it facilitates phishing and social engineering attacks, because a link on a trusted domain can redirect users to malicious sites. This can lead to credential compromise, malware infections, or further exploitation if users are tricked into divulging sensitive information or downloading malicious payloads. While the vulnerability itself does not directly compromise system confidentiality, integrity, or availability, it undermines user trust and can serve as a stepping stone for more severe attacks. Organizations relying on Ksenia Security lares legacy models in critical infrastructure or security-sensitive environments may face increased risk of targeted phishing campaigns. The ease of exploitation without authentication, and the fact that the malicious link points at a trusted domain, amplify the threat's potential impact. No exploits are known in the wild, but attackers may develop weaponized attacks in the future, increasing risk over time.
Mitigation Recommendations
Organizations should immediately review and restrict the use of the 'redirectPage' parameter in the 'cmdOk.xml' script to prevent open redirect abuse. Specific mitigations include implementing strict validation and sanitization of the 'redirectPage' parameter to allow only internal or whitelisted URLs. If possible, disable or remove the vulnerable redirect functionality entirely. Employ web application firewalls (WAFs) with rules to detect and block suspicious redirect patterns. Educate users about the risks of clicking on unexpected links, even if they appear to originate from trusted domains. Monitor logs for unusual redirect requests and investigate suspicious activity. Since no official patches are currently available, organizations should engage with Ksenia Security for updates or consider upgrading to newer, unaffected product versions. Additionally, implement multi-factor authentication and robust endpoint protection to mitigate downstream risks from phishing attacks enabled by this vulnerability.
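An added example, not part of the original advisory or any vendor code, showing the two checks recommended above: an allowlist validator for 'redirectPage' values and a scan of access logs for 'cmdOk.xml' requests that fail it. It assumes a reverse proxy in front of the panel writes common-log-format lines and that legitimate redirects are always relative paths; the log lines, paths and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: the panel UI only needs to redirect to its own pages, so a safe
# target is a plain relative path (no scheme, host, "//", "\", "@" or ":").
_LOCAL_PATH = re.compile(r"/?[A-Za-z0-9_.-]+(?:/[A-Za-z0-9_.-]+)*")
_REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def is_safe_redirect(target: str) -> bool:
    """Return True only for same-site relative paths."""
    decoded = target
    for _ in range(3):                  # peel nested percent-encoding
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return False                    # still changing after 3 rounds: reject
    return _LOCAL_PATH.fullmatch(decoded) is not None

def flag_redirects(log_lines):
    """Yield (line_no, target) for cmdOk.xml requests with an off-site redirectPage."""
    for no, line in enumerate(log_lines, 1):
        m = _REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("cmdOk.xml"):
            continue
        for target in parse_qs(url.query).get("redirectPage", []):
            if not is_safe_redirect(target):
                yield no, target

# Constructed access-log lines (common log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /cmdOk.xml?redirectPage=index.xml HTTP/1.1" 200 312',
    '192.0.2.11 - - [01/Jan/2026:10:00:05 +0000] "GET /cmdOk.xml?redirectPage=https://example.invalid/login HTTP/1.1" 200 312',
    '192.0.2.12 - - [01/Jan/2026:10:00:09 +0000] "GET /cmdOk.xml?redirectPage=%252F%252Fexample.invalid HTTP/1.1" 200 312',
    '192.0.2.13 - - [01/Jan/2026:10:00:12 +0000] "GET /status.xml HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for no, target in flag_redirects(SAMPLE_LOG):
        print(f"line {no}: off-site redirectPage={target!r}")
```

The same `is_safe_redirect` check can back a reverse-proxy or WAF rule that rejects the request outright instead of only logging it.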
Affected Countries
Italy, Germany, France, United Kingdom, United States, Spain, Netherlands, Poland, Belgium, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-12-27T01:46:41.722Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6954592edb813ff03e385594
Added to database: 12/30/2025, 10:58:54 PM
Last enriched: 3/15/2026, 12:56:57 AM
Last updated: 3/26/2026, 3:37:28 AM