CVE-2025-52352
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-08-22
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aikaan | iot_management_platform | 3.25.0325-5-g2e9c59796 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Aikaan IoT management platform where the user sign-up option can be disabled in the user interface, but the underlying sign-up API endpoint remains accessible and functional. This means that even if the sign-up option is hidden on the login page, unauthenticated users can still register accounts through the API, bypassing intended access controls.
How can this vulnerability impact me? :
The vulnerability can lead to authentication bypass and unauthorized access to admin portals. This means attackers can create accounts without permission and potentially gain administrative access, compromising the security and integrity of the system.