Description

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding.

INFO

Published Date :

2025-08-21T00:00:00.000Z

Last Modified :

2025-08-21T20:02:42.436Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-52351 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-52351.

URL Resource
https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve3-activation-link-password.md cve-icon cve-icon
https://www.aikaan.io cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System