CVE-2025-57601CRITICAL 9.8EPSS p31.4%

CVE-2025-57601CVE-2025-57601

Description

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target device. The device then uses it to establish a reverse SSH tunnel to a remote access server, enabling browser-based SSH access for the administrator. Because the same `proxyuser` account and SSH key are reused across all customer environments: - An attacker who obtains the key (e.g., by intercepting it in transit, extracting it from the remote access server, or from a compromised admin account) can impersonate any managed device. - They can establish unauthorized reverse SSH tunnels and interact with devices without the owner's consent. This is a design flaw in the authentication model: compromise of a single key compromises the trust boundary between the controller and devices.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.40% probability of exploitation · percentile 31.4% · 2026-06-18T12:00:27Z
Published2025-09-22
Last modified2026-04-15

Underlying weaknesses· 1

CWE-798

References

  1. https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve1-shared-ssh-key.md
  2. https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve1-shared-ssh-key.md

1

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Credentialscwe-7980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-57602
CVE
CVE-2025-57605
CVE
CVE-2025-52351
CVE
CVE-2025-52352
CVE
CVE-2025-10127
CVE
CVE-2025-0670
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.