FKIE_CVE-2025-52694

Vulnerability from fkie_nvd - Published: 2026-01-12 03:16 - Updated: 2026-01-26 03:15
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.
References
5f57b9bf-260d-4433-bf07-b6a79e9bb7d4https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/Mitigation, Third Party Advisory
Impacted products
Vendor Product Version
advantech iot_edge_linux_docker *
advantech iot_edge_windows *
advantech iotsuite_growth_linux_docker *
advantech iotsuite_saas_composer *
advantech iotsuite_starter_linux_docker *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:advantech:iot_edge_linux_docker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4159F16F-DB7D-4D05-A929-F36F7881DADC",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:advantech:iot_edge_windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB4631FE-DC5B-45F6-83B2-7747FFB52191",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:advantech:iotsuite_growth_linux_docker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A072360E-AD26-44B5-A5BB-F3F3E3489964",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:advantech:iotsuite_saas_composer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4BD0911-E8D5-4E1A-BFA4-872A9F62E621",
              "versionEndExcluding": "3.4.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:advantech:iotsuite_starter_linux_docker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B3D90FA-A9D9-4C66-9C28-34E600C984ED",
              "versionEndExcluding": "2.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately."
    },
    {
      "lang": "es",
      "value": "El \u00e9xito en la explotaci\u00f3n de la vulnerabilidad de inyecci\u00f3n SQL podr\u00eda permitir a un atacante remoto no autenticado ejecutar comandos SQL arbitrarios en el servicio vulnerable cuando este est\u00e1 expuesto a Internet, lo que podr\u00eda afectar la confidencialidad, integridad y disponibilidad de los datos. Se recomienda a los usuarios y administradores de las versiones de productos afectadas que actualicen a las \u00faltimas versiones de inmediato."
    }
  ],
  "id": "CVE-2025-52694",
  "lastModified": "2026-01-26T03:15:49.177",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-01-12T03:16:07.127",
  "references": [
    {
      "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/"
    }
  ],
  "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.