FKIE_CVE-2025-52694

Vulnerability from fkie_nvd - Published: 2026-01-12 03:16 - Updated: 2026-01-26 03:15
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.
References
5f57b9bf-260d-4433-bf07-b6a79e9bb7d4https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/Mitigation, Third Party Advisory
Impacted products
Vendor Product Version
advantech iot_edge_linux_docker *
advantech iot_edge_windows *
advantech iotsuite_growth_linux_docker *
advantech iotsuite_saas_composer *
advantech iotsuite_starter_linux_docker *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:advantech:iot_edge_linux_docker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4159F16F-DB7D-4D05-A929-F36F7881DADC",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:advantech:iot_edge_windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB4631FE-DC5B-45F6-83B2-7747FFB52191",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:advantech:iotsuite_growth_linux_docker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A072360E-AD26-44B5-A5BB-F3F3E3489964",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:advantech:iotsuite_saas_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4BD0911-E8D5-4E1A-BFA4-872A9F62E621",
              "versionEndExcluding": "3.4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:advantech:iotsuite_starter_linux_docker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B3D90FA-A9D9-4C66-9C28-34E600C984ED",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately."
    }
  ],
  "id": "CVE-2025-52694",
  "lastModified": "2026-01-26T03:15:49.177",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-01-12T03:16:07.127",
  "references": [
    {
      "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/"
    }
  ],
  "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.