{"id":68608,"date":"2025-08-22T00:32:11","date_gmt":"2025-08-21T21:02:11","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-52352-aikaan-iot-management-platform-sign-up-api-authentication-bypass\/"},"modified":"2025-08-22T00:32:11","modified_gmt":"2025-08-21T21:02:11","slug":"cve-2025-52352-aikaan-iot-management-platform-sign-up-api-authentication-bypass","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-52352-aikaan-iot-management-platform-sign-up-api-authentication-bypass\/","title":{"rendered":"CVE-2025-52352 &#8211; Aikaan IoT Management Platform Sign-up API Authentication Bypass"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-52352<br \/>\n<br \/>\n<strong>Published : <\/strong> Aug. 21, 2025, 6:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to register accounts via APIs even when the feature is disabled. This leads to authentication bypass and unauthorized access to admin portals, violating intended access controls.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 0.0 | NA<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-52352 Published : Aug. 21, 2025, 6:15 p.m. | 2\u00a0hours, 7\u00a0minutes ago Description : Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-68608","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/68608","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=68608"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/68608\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=68608"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=68608"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=68608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}