CVE-2025-52351

High CVSS: 8.8

Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding.

Vendor

Product

CWE

CWE-319

Yayın Tarihi

2025-08-21 18:15:34

Güncelleme

2025-08-22 18:08:51

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-319 HIGH 2025

Referanslar

https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve3-activation-link-password.md https://www.aikaan.io