CRITICAL🇵🇱 Wersja polska

CVE-2025-52694

CVSS 10.0v3.1pub. 2026-01-12upd. 2026-01-26

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

🤖 AI Analysis
How it works

An attacker without any authentication can send a specially crafted network request to the Advantech IoT Suite service exposed to Internet access. The injected SQL commands are then executed directly by the vulnerable service without input data validation. The attack vector is network-based, does not require user interaction or special privileges, and its scope extends beyond the component where the vulnerability occurred (Scope: Changed).

Impact

An attacker can gain unauthorized access to data stored in the database, modify or delete this data, and potentially cause service unavailability — confidentiality, integrity, and system availability are threatened.

Mitigation & patch

All mentioned products must be immediately updated to the latest versions according to manufacturer recommendations and information contained in the references. Until the patch is implemented, it is recommended to limit the exposure of vulnerable services to Internet access through a firewall or other network access control mechanisms.

Who is affected

Advantech IoT Edge Linux Docker, Advantech IoT Edge Windows, Advantech IoTSuite Growth Linux Docker, Advantech IoTSuite SaaS Composer, Advantech IoTSuite Starter Linux Docker — specific versions indicated in manufacturer references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Advantech Iot Edge Linux Docker

    APP
    Advantech
    < 2.0.2
  • Advantech Iot Edge Windows

    APP
    Advantech
    < 2.0.2
  • Advantech Iotsuite Growth Linux Docker

    APP
    Advantech
    < 2.0.2
  • Advantech Iotsuite Saas Composer

    APP
    Advantech
    < 3.4.15
  • Advantech Iotsuite Starter Linux Docker

    APP
    Advantech
    < 2.0.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-34256CRITICAL10.0PL ✓ten sam vendor

Advantech WISE-DeviceOn Server — hardcoded klucz JWT umożliwia pełne przejęcie systemu

CVE-2022-50592CRITICAL9.3PL ✓ten sam vendor

Advantech iView – Auth Bypass i SQL Injection prowadzące do RCE

CVE-2022-50593CRITICAL9.3PL ✓ten sam vendor

Advantech iView – Auth Bypass + SQL Injection prowadzące do RCE

CVE-2022-50595CRITICAL9.3PL ✓ten sam vendor

Advantech iView — Auth Bypass + SQL Injection prowadzący do RCE

CVE-2025-48469CRITICAL9.6PL ✓ten sam vendor

Advantech WISE-40x0 — nieuwierzytelniony upload firmware (Auth Bypass)