PT-2025-38731 · Unknown · Aikaan Iot Management Platform

Published 2025-09-22 · Updated 2025-09-22 · CVE-2025-57602

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AiKaan IoT management platform (affected versions not specified)

Description

The AiKaan IoT management platform suffers from inadequate hardening of the proxyuser account and utilizes a shared, hardcoded SSH private key. This combination enables remote attackers to authenticate to the cloud controller, obtain interactive shell access, and move laterally to other connected IoT devices. Successful exploitation can result in remote code execution, information disclosure, and privilege escalation within customer environments. The proxyuser account is a key component in the attack chain.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2025-57602

Affected Products

Aikaan Iot Management Platform