CVE-2025-52351 · HIGH 8.8 · EPSS p11.8%

Description

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.22% probability of exploitation · percentile 11.8% · 2026-06-18T12:00:27Z
Published: 2025-08-21
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-319

References

  1. https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve3-activation-link-password.md
  2. https://www.aikaan.io

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Cleartext Transmission of Sensitive Information (cwe-319) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-52352
  2. CVE-2025-57602
  3. CVE-2025-57605
  4. CVE-2025-57601
  5. CVE-2025-41645
  6. CVE-2025-50433

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.