AiKaan IoT Platform Unauthorized Privilege Escalation Vulnerability in Department Admin Assignment APIs
Vulnerability
A vulnerability in the AiKaan IoT Platform's department admin assignment APIs allows any authenticated user to escalate privileges by assigning themselves as an admin of other departments. The APIs perform no server-side authorization check that the caller is entitled to administer the target department, so privilege escalation across departments is possible. The vulnerability affects AiKaan IoT Platform versions through v3.25.0325-5-g2e9c59796.
Impact
Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to gain admin rights in departments other than their own.
Reproduction
An authenticated user first obtains the IDs of other departments, which are exposed through the user interface. With those IDs, the user calls the department admin assignment APIs to assign themselves as an admin of those departments; because the server performs no authorization check against the target department, the request is accepted.
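As an added illustration (not AiKaan's code, whose API is not shown on this page), a hypothetical in-memory platform with a department-admin assignment handler in the vulnerable shape beside a hardened version that authorizes the caller server-side against the target department; all names and the data model are constructed for the example.

```python
# Added example, not AiKaan's code: the department-admin assignment flaw modelled
# on a constructed in-memory platform, in its vulnerable shape beside a hardened
# handler that authorizes the caller server-side against the target department.
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Caller is not permitted to administer the target department."""

@dataclass
class Department:
    dept_id: str
    admins: set[str] = field(default_factory=set)

@dataclass
class Platform:
    departments: dict[str, Department]
    platform_admins: set[str] = field(default_factory=set)

    def assign_admin_vulnerable(self, caller: str, dept_id: str, user: str) -> None:
        # Only authentication is checked: any logged-in user who learns a
        # department ID (e.g. from the UI) can add themselves as its admin.
        if not caller:
            raise Forbidden("authentication required")
        self.departments[dept_id].admins.add(user)

    def assign_admin_hardened(self, caller: str, dept_id: str, user: str) -> None:
        # Authorize server-side against the target department; never trust the
        # client's claim about which department it belongs to or administers.
        if not caller:
            raise Forbidden("authentication required")
        dept = self.departments.get(dept_id)
        if dept is None or (caller not in self.platform_admins
                            and caller not in dept.admins):
            raise Forbidden("not permitted")  # same error: no ID enumeration oracle
        dept.admins.add(user)

def fresh_platform() -> Platform:
    # Constructed sample: alice administers D1 only, bob administers D2 only.
    return Platform({"D1": Department("D1", {"alice"}),
                     "D2": Department("D2", {"bob"})})

def escalation_succeeds(handler_name: str) -> bool:
    """True if alice (admin of D1 only) can make herself admin of D2 via the handler."""
    p = fresh_platform()
    try:
        getattr(p, handler_name)("alice", "D2", "alice")
    except Forbidden:
        return False
    return "alice" in p.departments["D2"].admins
```

The hardened handler also returns the same error for a non-existent department as for a denied one, so the endpoint cannot be used to confirm which department IDs exist.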
