Vulnerability Description
AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target device. The device then uses it to establish a reverse SSH tunnel to a remote access server, enabling browser-based SSH access for the administrator. Because the same `proxyuser` account and SSH key are reused across all customer environments: - An attacker who obtains the key (e.g., by intercepting it in transit, extracting it from the remote access server, or from a compromised admin account) can impersonate any managed device. - They can establish unauthorized reverse SSH tunnels and interact with devices without the owner's consent. This is a design flaw in the authentication model: compromise of a single key compromises the trust boundary between the controller and devices.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve1-shared-s
- https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve1-shared-s
FAQ
What is CVE-2025-57601?
CVE-2025-57601 is a vulnerability with a CVSS score of 9.8 (CRITICAL). AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Te...
How severe is CVE-2025-57601?
CVE-2025-57601 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-57601?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.