ГлавнаяУязвимости → CVE-2025-57605
8.8высокая

CVE-2025-57605

Описание

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department

CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve5-department-switch.md