SQL Injection Vulnerability in Affected Product from Vendor
CVE-2025-52694

10CRITICAL

Key Information:

Vendor: Advantech
Status: Iotsuite And Iot Edge Products
Vendor: CVE Published:; 12 January 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-52694?

An SQL injection vulnerability exists in the affected product, allowing an unauthenticated remote attacker to execute arbitrary SQL statements. If exploited, this security weakness could enable unauthorized interactions with the database, potentially compromising sensitive data. Organizations using the affected product must ensure proper security measures are in place to mitigate this risk and protect their data integrity against external threats.

Affected Version(s)

IoTSuite and IoT Edge Products IoTSuite SaaSComposer prior to version 3.4.15

IoTSuite and IoT Edge Products IoTSuite Growth Linux docker prior to version V2.0.2

IoTSuite and IoT Edge Products IoTSuite Starter Linux docker prior to version V2.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-52694-POC
Created by Winz18

References

https://www.csa.gov.sg/alerts-and-advisories/alerts/alert...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

🟡
Public PoC available
Jan 12, 2026
👾
Exploit known to exist
Jan 12, 2026
Vulnerability published
Jan 12, 2026
Vulnerability Reserved
Jun 19, 2025

Credit

Loi Nguyen Thang

JSON

Advantech

Badges

What is CVE-2025-52694?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit