CVE-2025-52352 – Aikaan IoT Management Platform Sign-up API Authentication Bypass

August 21, 2025

CVE ID : CVE-2025-52352

Published : Aug. 21, 2025, 6:15 p.m. | 7 hours, 4 minutes ago

Description : Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to register accounts via APIs even when the feature is disabled. This leads to authentication bypass and unauthorized access to admin portals, violating intended access controls.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7051 – N-central Syslog Configuration Privilege Escalation Vulnerability

Next Article HoundDog.ai Launches Industry’s First Privacy-by-Design Code Scanner for AI Applications

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

HoundDog.ai Launches Industry’s First Privacy-by-Design Code Scanner for AI Applications

The Double-Edged Sustainability Sword Of AI In Web Design

How VPNs are helping people evade increased censorship – and much more

Google’s AI Mode can now find restaurant reservations for you – how it works

Best early Labor Day TV deals 2025: Save up to 50% on Samsung, LG, and more

Claude wins high praise from a Supreme Court justice – is AI’s legal losing streak over?

Preserving Data Integrity with Laravel Soft Deletes for Recovery and Compliance

Preserving Data Integrity with Laravel Soft Deletes for Recovery and Compliance

Quickly Generate Forms based on your Eloquent Models with Laravel Formello

Pest 4 is Released

FOSS Weekly #25.34: Mint 22.2 Features, FreeVPN Fiasco, Windows Update Killing SSDs, AI in LibreOffice and More

FOSS Weekly #25.34: Mint 22.2 Features, FreeVPN Fiasco, Windows Update Killing SSDs, AI in LibreOffice and More

You’ll need standalone Word, PowerPoint, Excel on iOS, as Microsoft 365 app becomes a Copilot wrapper

Microsoft to Move Copilot Previews to iOS While Editing Returns to Office Apps

CVE-2025-52352 – Aikaan IoT Management Platform Sign-up API Authentication Bypass

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Scattered Spider Hacker Gets 10 Years, $13M Restitution for SIM Swapping Crypto Theft

CVE-2025-5858 – PHPGurukul Nipah Virus Testing Management System SQL Injection

CVE-2025-34121 – Idera Up.Time PHP File Upload RCE

Microsoft Targets ‘Critical AI Talent’ from Meta to Dominate Next AI Breakthroughs

Google Chrome Is Testing Dynamic Country Detection for Region-Specific Features

CVE-2025-9182 – “Firefox WebRender Denial-of-Service Vulnerability”

CVE-2025-6829 – AluoXiang Oa System External Address Book Handler SQL Injection Vulnerability

CVE-2025-33028: WinZip Flaw Exposes Users to Silent Code Execution via MotW Bypass, No Patch

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps

CVE-2025-52352 – Aikaan IoT Management Platform Sign-up API Authentication Bypass

Related Posts