Vulnerability Description
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can lead to remote code execution, information disclosure, and privilege escalation across customer environments.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve2-proxyuse
- https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve2-proxyuse
FAQ
What is CVE-2025-57602?
CVE-2025-57602 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the clou...
How severe is CVE-2025-57602?
CVE-2025-57602 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-57602?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.