High severity8.8NVD Advisory· Published Sep 22, 2025· Updated Apr 15, 2026

CVE-2025-57605

Description

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department

Affected products

Shubhangborkar/Aikaan Vulnerabilitiesreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve5-department-switch.mdnvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000