CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/	Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:advantech:iot_edge_linux_docker::::::::
	cpe:2.3:a:advantech:iot_edge_windows::::::::
	cpe:2.3:a:advantech:iotsuite_growth_linux_docker::::::::
	cpe:2.3:a:advantech:iotsuite_saas_composer::::::::
	cpe:2.3:a:advantech:iotsuite_starter_linux_docker::::::::

History

No history.

Information

Published : 2026-01-12 03:16

Updated : 2026-01-26 03:15

NVD link : CVE-2025-52694

Mitre link : CVE-2025-52694

CVE.ORG link : CVE-2025-52694

JSON object : View

Products Affected

advantech

iot_edge_windows
iotsuite_starter_linux_docker
iot_edge_linux_docker
iotsuite_saas_composer
iotsuite_growth_linux_docker

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2025-52694", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-01-12T03:16:07.127", "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/", "tags": ["Mitigation", "Third Party Advisory"], "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately."}], "lastModified": "2026-01-26T03:15:49.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:advantech:iot_edge_linux_docker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4159F16F-DB7D-4D05-A929-F36F7881DADC", "versionEndExcluding": "2.0.2"}, {"criteria": "cpe:2.3:a:advantech:iot_edge_windows:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB4631FE-DC5B-45F6-83B2-7747FFB52191", "versionEndExcluding": "2.0.2"}, {"criteria": "cpe:2.3:a:advantech:iotsuite_growth_linux_docker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A072360E-AD26-44B5-A5BB-F3F3E3489964", "versionEndExcluding": "2.0.2"}, {"criteria": "cpe:2.3:a:advantech:iotsuite_saas_composer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4BD0911-E8D5-4E1A-BFA4-872A9F62E621", "versionEndExcluding": "3.4.15"}, {"criteria": "cpe:2.3:a:advantech:iotsuite_starter_linux_docker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B3D90FA-A9D9-4C66-9C28-34E600C984ED", "versionEndExcluding": "2.0.2"}], "operator": "OR"}]}], "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4"}