CVE-2025-52694

CRITICAL NUCLEI

Advantech IoT Edge Linux Docker < 2.0.2 - SQL Injection

Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Exploits (1)

nomisec WORKING POC 3 stars
by Winz18 · poc
https://github.com/Winz18/CVE-2025-52694-POC

Nuclei Templates (1)

Advantech WISE-IoTSuite/SaaS - SQL Injection
CRITICAL · VERIFIED · by Loi Nguyen Thang
Shodan: title:"SaaS Composer"
FOFA: title="SaaS Composer"

Scores

CVSS v3 10.0
EPSS 0.1653
EPSS Percentile 94.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Classification

CWE CWE-89
Status published

Affected Products (5)

advantech/iot_edge_linux_docker < 2.0.2
advantech/iot_edge_windows < 2.0.2
advantech/iotsuite_growth_linux_docker < 2.0.2
advantech/iotsuite_saas_composer < 3.4.15
advantech/iotsuite_starter_linux_docker < 2.0.2

Timeline

Published Jan 12, 2026
Tracked Since Feb 18, 2026