10
CVE-2025-52694
- EPSS 17.82%
- Veröffentlicht 12.01.2026 03:16:07
- Zuletzt bearbeitet 26.01.2026 03:15:49
- Quelle 5f57b9bf-260d-4433-bf07-b6a79e
- CVE-Watchlists
- Unerledigt
LoginSuccessful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Advantech ≫ Iot Edge Linux Docker Version < 2.0.2
Advantech ≫ Iot Edge Windows Version < 2.0.2
Advantech ≫ Iotsuite Growth Linux Docker Version < 2.0.2
Advantech ≫ Iotsuite Saas Composer Version < 3.4.15
Advantech ≫ Iotsuite Starter Linux Docker Version < 2.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.82% | 0.95 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4 | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.