PT-2025-38732 · Unknown · Aikaan Iot Platform

Published: 2025-09-22 · Updated: 2025-09-22 · CVE-2025-57605

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AiKaan IoT Platform (affected versions not specified)
Description: A missing server-side authorization check in the department admin assignment APIs of the AiKaan IoT Platform permits authenticated users to gain elevated privileges. Because the affected endpoints do not verify that the caller is permitted to manage the target department, a user can assign themselves as administrator of departments they are not authorized to manage, resulting in unauthorized privilege escalation.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
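An added illustration, not AiKaan's code, of the weakness class the description names: a department admin assignment handler that checks only authentication, next to one that also verifies on the server that the requester already administers the target department. The Department model, the in-memory store and the user ids are assumptions made for this example.

```python
# Added example, not AiKaan's code: a minimal model of a department admin
# assignment endpoint, with the missing authorization check the advisory
# describes beside the server-side check that closes it (all names hypothetical).
from dataclasses import dataclass, field

class AuthorizationError(Exception):
    """Requester is authenticated but may not manage this department."""

@dataclass
class Department:
    dept_id: str
    admins: set = field(default_factory=set)

def assign_admin_vulnerable(departments, requester, dept_id, target_user):
    """Checks only that the caller is logged in, so any authenticated user
    can make anyone, including themselves, admin of any department."""
    if not requester:
        raise PermissionError("authentication required")
    departments[dept_id].admins.add(target_user)

def assign_admin_fixed(departments, requester, dept_id, target_user):
    """Server-side authorization: the decision comes from the requester's
    identity and existing role, never from request parameters."""
    if not requester:
        raise PermissionError("authentication required")
    dept = departments.get(dept_id)
    # Treat unknown and unauthorized departments alike so the error does
    # not reveal which department ids exist.
    if dept is None or requester not in dept.admins:
        raise AuthorizationError(f"{requester} may not manage {dept_id}")
    dept.admins.add(target_user)

def demo():
    """Constructed scenario: alice administers 'engineering', mallory is an
    ordinary user. Returns (escalated_via_bug, denied_by_fix, legit_ok)."""
    def fresh():
        return {"engineering": Department("engineering", {"alice"})}
    store = fresh()
    assign_admin_vulnerable(store, "mallory", "engineering", "mallory")
    escalated = "mallory" in store["engineering"].admins
    store = fresh()
    try:
        assign_admin_fixed(store, "mallory", "engineering", "mallory")
        denied = False
    except AuthorizationError:
        denied = True
    assign_admin_fixed(store, "alice", "engineering", "bob")
    legit = "bob" in store["engineering"].admins
    return escalated, denied, legit
```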

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2025-57605

Affected Products: Aikaan Iot Platform