CVE-2025-57605

high

Description

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department

References

https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve5-department-switch.md

Details

Source: Mitre, NVD

Published: 2025-09-22

Updated: 2025-09-23

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H