CVE-2025-57605 · HIGH 8.8 · EPSS p19.1%


Description

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.28% probability of exploitation · percentile 19.1% · 2026-06-18T12:00:27Z
Published: 2025-09-22
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-862

References

  1. https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve5-department-switch.md


Type      Target                            Confidence  Tier
Weakness  Missing Authorization (cwe-862)   0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-57602
  2. CVE: CVE-2025-52352
  3. CVE: CVE-2025-57601
  4. CVE: CVE-2025-56396
  5. CVE: CVE-2025-46066
  6. CVE: CVE-2025-52351

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.