CVE-2025-52694

CRITICAL
2026-01-12 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4
10.0
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
CVE Published: Jan 12, 2026 - 03:16 (nvd)
CRITICAL 10.0

Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Analysis

A critical SQL injection vulnerability in an internet-exposed service that enables unauthenticated extraction and manipulation of the entire database. CVSS is 10.0 with scope change, and EPSS is 12.9%, indicating high exploitation activity.

Technical Context

The service processes user input in SQL queries without parameterization (CWE-89). The maximum CVSS score with scope change indicates the attacker can impact systems beyond the vulnerable service.

Affected Products

See the vendor advisory for affected versions.

Remediation

Update to the latest version immediately. Apply WAF rules for SQL injection protection as an interim measure.

Priority Score

63
KEV: 0
EPSS: +12.9
CVSS: +50
POC: 0
