CVE-2025-52352 · CRITICAL 9.8 · EPSS p41.0%


Description

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to register accounts via APIs even when the feature is disabled. This leads to authentication bypass and unauthorized access to admin portals, violating intended access controls.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.54% probability of exploitation · percentile 41.0% · 2026-06-18T12:00:27Z
Published: 2025-08-21
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-862

References

  1. https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve4-signup-api-bypass.md
  2. https://www.aikaan.io


| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Missing Authorization (cwe-862) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-52351
CVE-2025-57605
CVE-2025-57602
CVE-2025-57601
CVE-2025-64066
CVE-2025-49652

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.