{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T22:08:11.559","vulnerabilities":[{"cve":{"id":"CVE-2025-52351","sourceIdentifier":"cve@mitre.org","published":"2025-08-21T18:15:34.630","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL (e.g., https://domain.com/activate=xyz). This practice can result in password exposure via browser history, proxy logs, referrer headers, and email caching. The vulnerability impacts user credential confidentiality during initial onboarding."},{"lang":"es","value":"Aikaan IoT management platform v3.25.0325-5-g2e9c59796 envía una contraseña recién generada a los usuarios en texto plano por correo electrónico y también la incluye como parámetro de consulta en la URL de activación de la cuenta (p. ej., https://domain.com/activate=xyz). Esta práctica puede provocar la exposición de la contraseña a través del historial del navegador, los registros del proxy, los encabezados de referencia y el almacenamiento en caché del correo electrónico. Esta vulnerabilidad afecta la confidencialidad de las credenciales del usuario durante la incorporación inicial."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-319"}]}],"references":[{"url":"https://github.com/Shubhangborkar/aikaan-vulnerabilities/blob/main/cve3-activation-link-password.md","source":"cve@mitre.org"},{"url":"https://www.aikaan.io","source":"cve@mitre.org"}]}}]}