CVE-2025-57602: n/a
Description
Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the cloud controller, gain interactive shell access, and pivot into other connected IoT devices. This can lead to remote code execution, information disclosure, and privilege escalation across customer environments.
AI Analysis
Technical Summary
CVE-2025-57602 is a critical vulnerability in the AiKaan IoT management platform. The root cause is insufficient hardening of the proxyuser account, compounded by a shared, hardcoded SSH private key. Because the key is the same across deployments, it only has to be recovered once from wherever it is embedded; from then on anyone holding it can authenticate to the cloud controller as proxyuser with no other credentials and no user interaction, obtain an interactive shell, and pivot from the controller into the IoT devices it manages. The outcome is remote code execution, information disclosure, and privilege escalation across customer environments. A hardcoded credential (CWE-798, Use of Hard-coded Credentials) is a design flaw rather than a misconfiguration: public-key authentication only protects anything if the private key is unique to a deployment and can be revoked, and a key baked into the product is neither. The analysis rates the issue 9.8 (critical): exploitable over the network with no privileges or user interaction, with high impact on confidentiality, integrity, and availability. Note that the CVE record itself, as reproduced under Technical Details below, carries no CVSS version or vector, so the score is an assessment rather than a value assigned by the CNA. No exploitation in the wild has been reported, but exposure should be assumed wherever the shared key has not been rotated, since nothing beyond possession of the key is required. The advisory gives no affected-version range; either all current deployments are affected or version details were not disclosed at publication time. The case illustrates how a single embedded credential in an IoT management platform turns into a compromise of every environment that platform manages.
Potential Impact
For European organizations, the impact of this vulnerability is substantial. Enterprises and critical infrastructure operators increasingly rely on IoT devices for automation, monitoring, and operational efficiency, and the controller is the single point from which all of those devices are managed. Its compromise could give an attacker control over a broad range of connected devices, resulting in operational disruption, data breaches, and potential sabotage. The ability to execute code and escalate privileges on the controller and on the devices behind it means attackers could implant persistent malware, exfiltrate sensitive data, or disrupt services. This is particularly concerning for manufacturing, energy, transportation, and smart city deployments, where IoT devices are integral to daily operations. Compromised IoT devices can also serve as a foothold into corporate networks, extending the reach of lateral movement well beyond the IoT estate. The vulnerability also raises compliance and regulatory concerns under GDPR, the NIS2 Directive, and sector-specific cybersecurity regulations, as both data confidentiality and service availability could be severely affected.
Mitigation Recommendations
To mitigate this vulnerability, European organizations using the AiKaan IoT management platform should immediately:
1) Treat the shared key as compromised. Enumerate every controller and device whose authorized_keys trusts it, remove those entries, and issue a unique, freshly generated key pair per deployment (or per device). A hardcoded key cannot be fixed in place; it must be rotated everywhere it is trusted, and the rotation should be coordinated with the vendor because the proxy function may depend on it.
2) Confine the proxyuser account to the single function it exists for. On the controller's sshd, a Match User block with ForceCommand, PermitTTY no and AllowTcpForwarding no (or the equivalent restrict, from= and command= options on the account's authorized_keys entry) stops a stolen key from yielding an interactive shell or a tunnel; disable the account outright if the proxy function is not in use. This is the least-privilege half of the fix and it holds even if another key leaks later.
3) Segment the network so that the controller and its management plane are not reachable from the internet and are isolated from critical internal networks, limiting the blast radius of a compromise.
4) Monitor sshd authentication logs on the controller and on managed devices for accepted public-key logins as proxyuser, specifically the fingerprint of the shared key, logins from unexpected source addresses, and interactive sessions on an account that should only ever run a fixed command.
5) Obtain a fixed release from AiKaan or the integrator as soon as one is available, and verify that it ships without an embedded private key rather than merely replacing the shared key with another shared value.
6) Require multi-factor authentication for administrative access to the platform, keeping in mind that MFA on the web console does not by itself block a key-based proxyuser login over SSH; it complements steps 1 and 2 rather than replacing them.
7) Include the IoT management components in regular security assessments and penetration tests, looking specifically for credentials embedded in firmware, images, and installers.
Taken together, these steps address the two halves of the problem: the credential that should never have been shared, and the account that should never have granted a shell.
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-17T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68d16c8bd2635369c1db5473
Added to database: 9/22/2025, 3:34:35 PM
Last enriched: 9/30/2025, 12:54:20 AM
Last updated: 11/5/2025, 9:10:55 PM
Related Threats
- CVE-2025-60784: n/a (High)
- CVE-2025-63585: n/a (High)
- CVE-2025-63334: n/a (Critical)
- CVE-2025-55343: n/a (Critical)
- CVE-2025-10853: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in WSO2 WSO2 Open Banking IAM (Medium)