CVE-2025-52694

CRITICAL EPSS 98.4%

Published Jan 12, 20265mo ago · Modified Jun 17, 20261w ago

9.8 CVSS 3.1

Critical

Published Jan 12, 2026 5mo ago

Last Modified Jun 17, 2026 1w ago

Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

CVSS Details

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

98.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 5

Vendor	Product	Version	Range
advantech	iot_edge_linux_docker	*	<2.0.2
advantech	iot_edge_windows	*	<2.0.2
advantech	iotsuite_growth_linux_docker	*	<2.0.2
advantech	iotsuite_saas_composer	*	<3.4.15
advantech	iotsuite_starter_linux_docker	*	<2.0.2

References 1

csa.gov.sg https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/

MitigationThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.