CVE-2025-52694: Execution of arbitrary SQL commands

Published Jan 12, 2026
·
Updated

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Affected Software

5 affected components
Advantech Iot Edge Linux Docker<2.0.2
Advantech Iot Edge Windows<2.0.2
Advantech Iotsuite Growth Linux Docker<2.0.2
Advantech Iotsuite Saas Composer<3.4.15
Advantech Iotsuite Starter Linux Docker<2.0.2

Remediation

Information

Users and administrators of affected product versions are advised to update to the latest versions immediately. For IoTSuite SaaSComposer, IoTSuite Growth Linux docker, and IoT Edge Windows please contact Advantech here https://wise-iot.advantech.com/en-tw/marketplace/help/technical-support for the official release of the fixed version. For IoTSuite Starter Linux docker, please download the update here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/JqNWAMGz1JQ . For IoT Edge Linux docker, please download the update here https://portal-kbinsight-wiseiot-ensaas.practice.cloud.advantech.com/kb/library/detail/G0yWBn2mp2q .

Event History

Jan 12, 2026
CVE Published
via MITRE·02:27 AM
Data Sourced
via MITRE·02:27 AM
RemedyDescriptionSeverity
Data Sourced
via NVD·03:16 AM
DescriptionSeverityWeaknessAffected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2025-52694?

CVE-2025-52694 has a high severity rating due to its potential to allow execution of arbitrary SQL commands by unauthorized remote attackers.

2

How do I fix CVE-2025-52694?

To fix CVE-2025-52694, update your Advantech IoT Edge and Iotsuite software to the latest versions that are not vulnerable.

3

Who is affected by CVE-2025-52694?

CVE-2025-52694 affects users of Advantech IoT Edge Linux Docker, IoT Edge Windows, Iotsuite Growth Linux Docker, Iotsuite SaaS Composer, and Iotsuite Starter Linux Docker versions below specific thresholds.

4

Can CVE-2025-52694 compromise data confidentiality?

Yes, exploitation of CVE-2025-52694 can compromise data confidentiality by allowing attackers to execute unauthorized SQL commands.

5

Is CVE-2025-52694 an authenticated or unauthenticated attack vector?

CVE-2025-52694 is an unauthenticated attack vector, allowing remote attackers to exploit it without needing to authenticate.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203