CVE-2025-52694

high-risk

Published 2026-01-12

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Do I need to act?

13.8% chance of exploitation in next 30 days

EPSS score — higher than 86% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 10.0/10 Critical

NETWORK / LOW complexity

Affected Products (5)

Iot Edge Linux Docker

Iot Edge Windows

Iotsuite Growth Linux Docker

Iotsuite Saas Composer

Iotsuite Starter Linux Docker

Affected Vendors

Advantech

References (1)

Mitigation https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/

/ 100

high-risk

Severity 33/34 · Critical

Exploitability 12/34 · Low

Exposure 12/34 · Low