CVE-2025-52694 | THREATINT

Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of affected product versions are advised to update to the latest versions immediately.

PUBLISHED Reserved 2025-06-19 | Published 2026-01-12 | Updated 2026-01-26 | Assigner CSA

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Product status

Default status

unknown

SaaSComposer prior to version V3.4.15

affected

IoTSuite Growth Linux docker prior to version V2.0.2

affected

IoTSuite Starter Linux docker prior to version V2.0.2

affected

IoT Edge Linux docker prior to version V2.0.2

affected

IoT Edge Windows prior to version V2.0.2

affected

WebAccess/SCADA prior to version V9.2.2

affected

WebAccess SaaS-Composer prior to version 3.4.15.1

affected

ECOWatch SaaS-Composer prior to version 3.4.15

affected

Credits

Loi Nguyen Thang finder

References

www.csa.gov.sg/...-and-advisories/alerts/alerts-al-2026-001/

cve.org (CVE-2025-52694)

nvd.nist.gov (CVE-2025-52694)

Download JSON