VYPR

AiKaan Vulnerabilities

by Shubhangborkar

CVEs (3)

  • CVE-2025-57602 | Critical | Sep 22, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT…

  • CVE-2025-57601 | Critical | Sep 22, 2025
    risk 0.64 | cvss 9.8 | epss 0.00

    AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static…

  • CVE-2025-57605 | High | Sep 22, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department