High severity8.8NVD Advisory· Published Aug 21, 2025· Updated Apr 15, 2026
CVE-2025-52351
CVE-2025-52351
Description
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: = v3.25.0325-5-g2e9c59796
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.