CVE-2025-52694 - Vulnerability Details - OpenCVE

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

References

Link	Providers
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-127/

History

Mon, 12 Jan 2026 03:15:00 +0000

Type	Values Removed	Values Added
Description		Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.
Title		Execution of arbitrary SQL commands
References		https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-127/
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: CSA

Published: 2026-01-12T02:27:16.744Z

Updated: 2026-01-12T02:27:16.744Z

Reserved: 2025-06-19T06:04:41.987Z

Link: CVE-2025-52694

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-01-12T03:16:07.127

Modified: 2026-01-12T03:16:07.127

Link: CVE-2025-52694

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52694", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2025-06-19T06:04:41.987Z", "datePublished": "2026-01-12T02:27:16.744Z", "dateUpdated": "2026-01-12T02:27:16.744Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "IoTSuite and IoT Edge Products", "vendor": "Advantech", "versions": [{"status": "affected", "version": "IoTSuite SaaSComposer prior to version 3.4.15"}, {"status": "affected", "version": "IoTSuite Growth Linux docker prior to version V2.0.2"}, {"status": "affected", "version": "IoTSuite Starter Linux docker prior to version V2.0.2"}, {"status": "affected", "version": "IoT Edge Linux docker prior to version V2.0.2"}, {"status": "affected", "version": "IoT Edge Windows prior to version V2.0.2"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Loi Nguyen Thang"}], "datePublic": "2026-01-12T02:21:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet."}], "value": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2026-01-12T02:27:16.744Z"}, "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-127/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users and administrators of affected product versions are advised to update to the latest versions immediately.\n\n<br>\n\n<p>For IoTSuite SaaSComposer<a target=\"_blank\" rel=\"nofollow\">, IoTSuite Growth Linux docker</a>, and <a target=\"_blank\" rel=\"nofollow\">IoT Edge Windows</a> please contact Advantech <a target=\"_blank\" rel=\"nofollow\" href=\"https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support\">here </a>for the official release of the fixed version. </p><p>For <a target=\"_blank\" rel=\"nofollow\">IoTSuite Starter Linux docker</a>, please download the update <a target=\"_blank\" rel=\"nofollow\" href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>. </p><p>For <a target=\"_blank\" rel=\"nofollow\">IoT Edge Linux docker</a>, please download the update <a target=\"_blank\" rel=\"nofollow\" href=\"https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q?tenantId=VGVuYW50.aSUET6-KO-0qXOBh\">here</a>.</p>"}], "value": "Users and administrators of affected product versions are advised to update to the latest versions immediately.\n\n\n\n\nFor IoTSuite SaaSComposer here https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for the official release of the fixed version.\u00a0\n\nFor here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ .\u00a0\n\nFor here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q ."}], "source": {"discovery": "UNKNOWN"}, "title": "Execution of arbitrary SQL commands", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}