Iotsuite Starter Linux Docker CVE-2025-52694

CRITICAL
SQL Injection (CWE-89)
2026-01-12 5f57b9bf-260d-4433-bf07-b6a79e9bb7d4
10.0
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 12, 2026 - 21:54 (vuln.today)
CVE Published: Jan 12, 2026 - 03:16 (nvd), CRITICAL 10.0

Description (CVE.org)

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Analysis (AI)

This is a critical SQL injection vulnerability in an internet-exposed service that enables unauthenticated extraction and manipulation of the entire database. It is rated CVSS 10.0 with scope change, and its EPSS score of 12.9% indicates a high likelihood of exploitation.

Technical Context (AI)

The service processes user input in SQL queries without parameterization (CWE-89). The maximum CVSS score with scope change indicates the attacker can impact systems beyond the vulnerable service.

Remediation (AI)

Update to the latest version immediately. Apply WAF rules for SQL injection protection as an interim measure.
