Critical severity 9.8 · NVD Advisory · Published Jul 24, 2025 · Updated Jun 17, 2026
CVE-2025-54379
Description
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine that runs on resource-constrained edge devices. Versions before 2.2.1 contain a critical SQL injection vulnerability in the getLast API functionality of the eKuiper project. The flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.
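An added illustration of the bug class described above, not eKuiper's code and not taken from the patch: a table name concatenated into a SQLite statement beside a validated, quoted form. The function names, the query shape (`ORDER BY rowid`) and the sample table name are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// identRe is a conservative allow-list for table names (an assumption of this
// example): a letter or underscore, then up to 63 letters, digits or underscores.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,63}$`)

// ErrBadTable is returned for any table name that fails validation.
var ErrBadTable = errors.New("invalid table name")

// unsafeLastQuery shows the vulnerable pattern (hypothetical): the caller's
// table name is pasted into the statement and can change the statement's shape.
func unsafeLastQuery(table string) string {
	return "SELECT * FROM " + table + " ORDER BY rowid DESC LIMIT 1"
}

// safeLastQuery checks the name against the allow-list pattern, optionally
// against the set of tables the service knows about, then double-quotes it.
// SQL placeholders (?) bind values only, never identifiers, so the table
// name needs this separate treatment.
func safeLastQuery(table string, known map[string]bool) (string, error) {
	if !identRe.MatchString(table) {
		return "", fmt.Errorf("%w: %q", ErrBadTable, table)
	}
	if known != nil && !known[table] {
		return "", fmt.Errorf("%w: %q is not a known table", ErrBadTable, table)
	}
	return `SELECT * FROM "` + table + `" ORDER BY rowid DESC LIMIT 1`, nil
}

func main() {
	known := map[string]bool{"sensor_readings": true} // constructed sample
	for _, name := range []string{"sensor_readings", "sensor readings", `a"b`, "other"} {
		q, err := safeLastQuery(name, known)
		fmt.Printf("%q -> %q, err=%v\n", name, q, err)
	}
}
```

Passing `nil` for `known` skips the known-table check and relies on the pattern alone.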
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/lf-edge/ekuiper/v2 (Go) | < 2.2.1 | 2.2.1 |
| github.com/lf-edge/ekuiper (Go) | <= 1.14.7 | — |
Affected products (4)
- ghsa-coords (3 versions): pkg:golang/github.com/lf-edge/ekuiper, pkg:golang/github.com/lf-edge/ekuiper/v2, pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed; versions: <= 1.14.7 + 2 more
- (no CPE) range: <= 1.14.7
- (no CPE) range: < 2.2.1
- (no CPE) range: < 0.0.20250730T213748-1.1
References (4)
- github.com/lf-edge/ekuiper/commit/72c4918744934deebf04e324ae66933ec089ebd3 [nvd; Patch; WEB]
- github.com/lf-edge/ekuiper/security/advisories/GHSA-526j-mv3p-f4vv [nvd; Exploit; Vendor Advisory; WEB]
- github.com/advisories/GHSA-526j-mv3p-f4vv [ghsa; ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2025-54379 [ghsa; ADVISORY]