CVE-2025-52694

Critical

Published: 12 January 2026

Published

12 January 2026

Modified

26 January 2026

KEV Added

—

Patch

—

CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.1467 94.5th percentile

Risk Priority 29 60% EPSS · 20% KEV · 20% CVSS

Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of…

affected product versions are advised to update to the latest versions immediately.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the SQL injection vulnerability by requiring timely remediation of the identified flaw through patching to the latest product versions as recommended.

SI-10 Information Input Validation good match

prevent

Prevents SQL injection exploitation by enforcing validation of all information inputs to the vulnerable service, blocking malicious SQL commands.

SC-7 Boundary Protection partial match

preventdetect

Boundary protection mechanisms such as web application firewalls inspect and block SQL injection attempts targeting the Internet-exposed service.

Security SummaryAI

CVE-2025-52694 is a SQL injection vulnerability (CWE-89) that enables the execution of arbitrary SQL commands on affected services when exposed to the Internet. The flaw carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), marking it as critical due to its potential to compromise data confidentiality, integrity, and availability. Specific affected software or components are detailed in the referenced advisory, with users and administrators of vulnerable product versions urged to apply updates.

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants the ability to execute arbitrary SQL commands, potentially leading to full compromise of the underlying database and service.

The Cyber Security Agency of Singapore advisory (AL-2026-001) recommends that users and administrators immediately update to the latest product versions to mitigate the risk.

Details

CWE(s): CWE-89

Affected Products

advantech

iot edge linux docker

≤ 2.0.2

advantech

iot edge windows

≤ 2.0.2

advantech

iotsuite growth linux docker

≤ 2.0.2

advantech

iotsuite saas composer

≤ 3.4.15

advantech

iotsuite starter linux docker

≤ 2.0.2

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

SQL injection in a public-facing internet-exposed service directly enables exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/
Mitigation, Third Party Advisory · 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4