Unrated severityNVD Advisory· Published Jan 12, 2026· Updated Jan 26, 2026

Execution of arbitrary SQL commands

CVE-2025-52694

Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

Affected products

Advantech/IoTSuite and IoT Edge Productsv5
Range: SaaSComposer prior to version V3.4.15

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.010
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000