[GHSA-77r3-ghgf-32gr] Successful exploitation of the SQL injection... #6637
Conversation
github-actions
bot
changed the base branch from
main
to
Winz18/advisory-improvement-6637
There was a problem hiding this comment.
Pull request overview
This pull request updates the security advisory GHSA-77r3-ghgf-32gr for CVE-2025-52694, a critical SQL injection vulnerability in Advantech IoTSuite and IoT Edge products. The reporter is adding comprehensive technical details, affected product information, and remediation guidance based on their original research.
Changes:
- Added detailed vulnerability summary and technical description with exploitation mechanisms
- Updated CWE classification to CWE-89 (SQL Injection)
- Modified references to include POC repository and official CSA advisory
- Added affected products section with ecosystem and version range information
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
advisories/unreviewed/2026/01/GHSA-77r3-ghgf-32gr/GHSA-77r3-ghgf-32gr.json
Show resolved
Hide resolved
advisories/unreviewed/2026/01/GHSA-77r3-ghgf-32gr/GHSA-77r3-ghgf-32gr.json
Show resolved
Hide resolved
advisories/unreviewed/2026/01/GHSA-77r3-ghgf-32gr/GHSA-77r3-ghgf-32gr.json
Show resolved
Hide resolved
|
Hi @Winz18, thanks for the contribution. Unfortunately we can't accept this change because the affected products, Advantech IoTSuite & IoT Edge appear to be enterprise software. If you can point to a package in a supported open-source registry, we can reevaluate. Thank you for helping improve the database. |
Updates
Comments
I am reporter of this CVE, Loi Nguyen Thang, see the credits section in this advisory of CSA for details:
https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/
My PoC for vulnerability verifying:
https://github.com/Winz18/CVE-2025-52694-POC