{"cve":{"cve_id":"CVE-2025-52694","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.37867,"epss_percentile":0.98351,"epss_as_of":"2026-06-23","description":"Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.","published_at":"2026-01-12T02:27:16.744000Z","last_modified_at":null,"cvss_v3_score":10.0,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-89"],"nvd_references":["https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:27:26.287160Z"},"effective_severity":"CRITICAL","badges":["poc"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"iotsuite-and-iot-edge-products","product_name":"IoTSuite and IoT Edge Products","version_start":"SaaSComposer prior to version V3.4.15","version_start_inclusive":true,"version_end":"SaaSComposer prior to version V3.4.15","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:iotsuite-and-iot-edge-products:SaaSComposer prior to version V3.4.15:SaaSComposer prior to version V3.4.15"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"iotsuite-and-iot-edge-products","product_name":"IoTSuite and IoT Edge Products","version_start":"IoTSuite Growth Linux docker prior to version V2.0.2","version_start_inclusive":true,"version_end":"IoTSuite Growth Linux docker prior to version V2.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:iotsuite-and-iot-edge-products:IoTSuite Growth Linux docker prior to version V2.0.2:IoTSuite Growth Linux docker prior to version V2.0.2"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"iotsuite-and-iot-edge-products","product_name":"IoTSuite and IoT Edge Products","version_start":"IoTSuite Starter Linux docker prior to version V2.0.2","version_start_inclusive":true,"version_end":"IoTSuite Starter Linux docker prior to version V2.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:iotsuite-and-iot-edge-products:IoTSuite Starter Linux docker prior to version V2.0.2:IoTSuite Starter Linux docker prior to version V2.0.2"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"iotsuite-and-iot-edge-products","product_name":"IoTSuite and IoT Edge Products","version_start":"IoT Edge Linux docker prior to version V2.0.2","version_start_inclusive":true,"version_end":"IoT Edge Linux docker prior to version V2.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:iotsuite-and-iot-edge-products:IoT Edge Linux docker prior to version V2.0.2:IoT Edge Linux docker prior to version V2.0.2"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"iotsuite-and-iot-edge-products","product_name":"IoTSuite and IoT Edge Products","version_start":"IoT Edge Windows prior to version V2.0.2","version_start_inclusive":true,"version_end":"IoT Edge Windows prior to version V2.0.2","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:iotsuite-and-iot-edge-products:IoT Edge Windows prior to version V2.0.2:IoT Edge Windows prior to version V2.0.2"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"iotsuite-and-iot-edge-products","product_name":"IoTSuite and IoT Edge Products","version_start":"WebAccess/SCADA prior to version V9.2.2","version_start_inclusive":true,"version_end":"WebAccess/SCADA prior to version V9.2.2","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:iotsuite-and-iot-edge-products:WebAccess/SCADA prior to version V9.2.2:WebAccess/SCADA prior to version V9.2.2"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"iotsuite-and-iot-edge-products","product_name":"IoTSuite and IoT Edge Products","version_start":"WebAccess SaaS-Composer prior to version 3.4.15.1","version_start_inclusive":true,"version_end":"WebAccess SaaS-Composer prior to version 3.4.15.1","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:iotsuite-and-iot-edge-products:WebAccess SaaS-Composer prior to version 3.4.15.1:WebAccess SaaS-Composer prior to version 3.4.15.1"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"iotsuite-and-iot-edge-products","product_name":"IoTSuite and IoT Edge Products","version_start":"ECOWatch SaaS-Composer prior to version 3.4.15","version_start_inclusive":true,"version_end":"ECOWatch SaaS-Composer prior to version 3.4.15","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:iotsuite-and-iot-edge-products:ECOWatch SaaS-Composer prior to version 3.4.15:ECOWatch SaaS-Composer prior to version 3.4.15"}],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-52694.yaml","title":"Advantech WISE-IoTSuite/SaaS - SQL Injection","author":"Loi Nguyen Thang","disclosed_at":null}],"news":[],"references":[{"url":"https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2026-01-12T02:27:16.744000Z","label":"CVE published","source":null},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"cvss_changed","at":"2026-06-28T17:47:31.968567Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:31.968567Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:47:31.968567Z","label":"CVSS score revised","source":"cvelistv5"}]}