CVE-2025-57602CRITICAL 9.8EPSS p38.5%

CVE-2025-57602CVE-2025-57602

Description

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can lead to remote code execution, information disclosure, and privilege escalation across customer environments.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.49% probability of exploitation · percentile 38.5% · 2026-06-19T12:03:05Z
Published2025-09-22
Last modified2026-04-15

Underlying weaknesses· 1

CWE-798

References

  1. https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve2-proxyuser-shell.md
  2. https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve2-proxyuser-shell.md

1

TypeTargetConfidenceTier
WeaknessUse of Hard-coded Credentialscwe-7980%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-57601
CVE
CVE-2025-57605
CVE
CVE-2025-52352
CVE
CVE-2025-52351
CVE
CVE-2025-41656
CVE
CVE-2025-0680
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.