exploitDog

CVE-2025-57605

Опубликовано: 22 сент. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department

Ссылки

https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve5-department-switch.md

EPSS

Процентиль: 23%

0.00075

Низкий

8.8 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-8x92-jj73-5q8g

CVSS3: 8.8

github

5 месяцев назад

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department

EPSS

Процентиль: 23%

0.00075

Низкий

8.8 High

CVSS3

Дефекты

CWE-862