Execution of arbitrary SQL commands_CVE-2025-52694

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.

AI Analysis

SQL injection vulnerability allowing execution of arbitrary SQL commands

Basic Information

ID CVE-2025-52694

Source CSA

Published Jan 12, 2026 at 02:27

Affected Product

Vendor Advantech

Product IoTSuite and IoT Edge Products

Version IoTSuite SaaSComposer prior to version 3.4.15

Affected Versions Advantech IoTSuite and IoT Edge Products IoTSuite SaaSComposer prior to version 3.4.15
Advantech IoTSuite and IoT Edge Products IoTSuite Growth Linux docker prior to version V2.0.2
Advantech IoTSuite and IoT Edge Products IoTSuite Starter Linux docker prior to version V2.0.2
Advantech IoTSuite and IoT Edge Products IoT Edge Linux docker prior to version V2.0.2
Advantech IoTSuite and IoT Edge Products IoT Edge Windows prior to version V2.0.2

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Advantech

Product IoTSuite and IoT Edge Products

Version 3.4.15, V2.0.2

References

www.csa.gov.sg /alerts-and-advisories/alerts/al-2025-127/

{
    "lastseen": "",
    "description": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.",
    "published": "2026-01-12T02:27:16.744Z",
    "modified": "2026-01-12T02:27:16.744Z",
    "type": "cve",
    "title": "Execution of arbitrary SQL commands",
    "source": "CSA",
    "references": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-127/",
    "id": "CVE-2025-52694",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Advantech IoTSuite and IoT Edge Products IoTSuite SaaSComposer prior to version 3.4.15\nAdvantech IoTSuite and IoT Edge Products IoTSuite Growth Linux docker prior to version V2.0.2\nAdvantech IoTSuite and IoT Edge Products IoTSuite Starter Linux docker prior to version V2.0.2\nAdvantech IoTSuite and IoT Edge Products IoT Edge Linux docker prior to version V2.0.2\nAdvantech IoTSuite and IoT Edge Products IoT Edge Windows prior to version V2.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "IoTSuite and IoT Edge Products",
    "version": "IoTSuite SaaSComposer prior to version 3.4.15",
    "vendor": "Advantech",
    "ai_description": "SQL injection vulnerability allowing execution of arbitrary SQL commands",
    "ai_severity": "Critical",
    "ai_vendor": "Advantech",
    "ai_product": "IoTSuite and IoT Edge Products",
    "ai_version": "3.4.15, V2.0.2",
    "ai_score": 10
}