VYPR
Critical severity 9.8 · NVD Advisory · Published Jul 24, 2025 · Updated Jun 17, 2026

CVE-2025-54379

Description

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. In versions before 2.2.1, there is a critical SQL injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/lf-edge/ekuiper/v2 (Go) | < 2.2.1 | 2.2.1 |
| github.com/lf-edge/ekuiper (Go) | <= 1.14.7 | |
