SQL Injection in Advantech Iot_edge_linux_docker
CVE-2025-52694
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidenti…
Vulnerability class: SQL Injection
EPSS: 0.379 (98.4th percentile).
CVSS v3 metric
CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.
Affected products
- Advantech Iot_edge_linux_docker
- Advantech Iot_edge_windows
- Advantech Iotsuite And Iot Edge Products, affected versions: SaaSComposer prior to version V3.4.15; IoTSuite Growth Linux docker prior to version V2.0.2; IoTSuite Starter Linux docker prior to version V2.0.2
- Advantech Iotsuite_growth_linux_docker
- Advantech Iotsuite_saas_composer
- Advantech Iotsuite_starter_linux_docker
Frequently asked questions
- What is CVE-2025-52694?
- CVE-2025-52694 is a critical-severity vulnerability in Advantech Iot_edge_linux_docker, classified under SQL Injection. CVSS score: 10.0/10. Published 2026-01-12.
- How severe is CVE-2025-52694?
- Critical severity. CVSS v3 base score is 10.0 out of 10.
- Is CVE-2025-52694 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.