VYPR
Vendor

AiKaan

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2025-57601CriSep 22, 2025
    risk 0.64cvss 9.8epss 0.00

    AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static…

  • CVE-2025-57605HigSep 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department

  • CVE-2024-38826MedNov 11, 2024
    risk 0.34cvss epss 0.00

    Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller. The Cloud Foundry project recommends upgrading the following releases: * Upgrade capi…