{"id":77885,"date":"2025-09-27T02:31:30","date_gmt":"2025-09-27T02:31:30","guid":{"rendered":""},"modified":"2025-10-21T14:51:50","modified_gmt":"2025-10-21T20:51:50","slug":"cve-2025-57605-privilege-escalation-vulnerability-in-aikaan-iot-platform","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-57605-privilege-escalation-vulnerability-in-aikaan-iot-platform\/","title":{"rendered":"CVE-2025-57605: Privilege Escalation Vulnerability in AiKaan IoT Platform<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

In the expanding world of the Internet of Things (IoT), ensuring the security of these devices is of paramount importance. A new vulnerability, identified as CVE-2025-57605, has been discovered in the AiKaan IoT Platform that allows authenticated users to bypass server-side authorization on department admin assignment APIs. This vulnerability essentially allows<\/a> an authenticated user to assign themselves as administrators of other departments, thereby escalating their privileges and potentially resulting in unauthorized system compromise or data leakage.
\nThis vulnerability is a serious<\/a> concern for any organization utilizing the AiKaan IoT platform, particularly those with multiple departments and sensitive data. The severity of this vulnerability is highlighted by its CVSS Severity Score of 8.8, indicating it’s a high-risk vulnerability<\/a> that should be addressed urgently.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-57605
\nSeverity: High (CVSS: 8.8)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: Required
\nImpact: Unauthorized privilege escalation, potential system<\/a> compromise, and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n