Description

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can lead to remote code execution, information disclosure, and privilege escalation across customer environments.

INFO

Published Date :

2025-09-22T00:00:00.000Z

Last Modified :

2025-09-23T18:13:51.775Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57602 vulnerability.

Vendors Products
Aikaan
  • Iot Management Platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57602.

URL Resource
https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve2-proxyuser-shell.md cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact