diff --git a/advisories/unreviewed/2026/01/GHSA-77r3-ghgf-32gr/GHSA-77r3-ghgf-32gr.json b/advisories/unreviewed/2026/01/GHSA-77r3-ghgf-32gr/GHSA-77r3-ghgf-32gr.json index b585b67fa810c..83ee3b941984f 100644 --- a/advisories/unreviewed/2026/01/GHSA-77r3-ghgf-32gr/GHSA-77r3-ghgf-32gr.json +++ b/advisories/unreviewed/2026/01/GHSA-77r3-ghgf-32gr/GHSA-77r3-ghgf-32gr.json 
@@ -1,31 +1,59 @@ { "schema_version": "1.4.0", "id": "GHSA-77r3-ghgf-32gr", - "modified": "2026-01-12T03:31:07Z", + "modified": "2026-01-12T03:31:14Z", "published": "2026-01-12T03:31:07Z", "aliases": [ "CVE-2025-52694" ], - "details": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.", + "summary": "CVE-2025-52694: Critical Unauthenticated SQL Injection in Advantech IoTSuite & IoT Edge products", + "details": "# GHSA-77r3-ghgf-32gr: Critical Unauthenticated SQL Injection in Advantech IoTSuite & IoT Edge products\n\n## Summary\nA **Critical** unauthenticated SQL Injection vulnerability has been identified in **Advantech IoTSuite and IoT Edge** products. This flaw allows remote attackers to execute arbitrary SQL commands via a specially crafted request to the affected endpoint, potentially leading to unauthorized data access, database modification, or Remote Code Execution (RCE).\n\n---\n\n## Vulnerability Information\n\n| Attribute | Details |\n| :--- | :--- |\n| **CVE ID** | CVE-2025-52694 |\n| **Severity** | **10.0 Critical** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) |\n| **Vulnerability Type** | CWE-89: Improper Neutralization of Special Elements used in an SQL Command |\n| **Affected Endpoint** | `/displays/{filename}.json?org_id=` |\n| **Vendor** | Advantech |\n\n## Technical Description\nThe vulnerability exists due to the lack of proper input validation and sanitization of the `{filename}` parameter within the URL path. 
This parameter is unsafely concatenated directly into a **PostgreSQL** query string.\n\n### Attack Vector & Mechanism\n* **Unauthenticated Access:** No prior authentication or specific user privileges are required to exploit this vulnerability.\n* **Injection Technique:** Attackers can utilize **stacked queries** to execute multiple SQL commands in a single request.\n* **Validation:** The vulnerability can be confirmed through time-based analysis using functions such as `pg_sleep()`.\n\n### Potential Impact\nSuccessful exploitation of this vulnerability could allow an attacker to:\n1. **Data Exfiltration:** Access and dump the entire PostgreSQL database contents.\n2. **Data Integrity Compromise:** Modify or delete sensitive system configurations and user data.\n3. **Full System Takeover:** In certain configurations, achieve **Remote Code Execution (RCE)** depending on the database service's operating system privileges.\n\n---\n\n## Affected Products and Versions\n\n| Product Name | Affected Version | Fixed Version |\n| :--- | :--- | :--- |\n| **IoTSuite SaaSComposer** | Prior to 3.4.15 | **3.4.15** |\n| **IoTSuite Growth Linux Docker** | Prior to V2.0.2 | **V2.0.2** |\n| **IoTSuite Starter Linux Docker** | Prior to V2.0.2 | **V2.0.2** |\n| **IoT Edge Linux Docker** | Prior to V2.0.2 | **V2.0.2** |\n| **IoT Edge Windows** | Prior to V2.0.2 | **V2.0.2** |\n\n---\n\n## Remediation Strategy\n\n### 1. Official Update\nAdvantech has released security patches for all affected products. It is **highly recommended** that administrators upgrade to the fixed versions (V2.0.2 or 3.4.15 respectively) immediately.\n\n### 2. 
Temporary Mitigations\nIf an immediate upgrade is not feasible, consider the following defensive measures:\n* **Network Segmentation:** Place affected IoT instances behind a VPN or within a restricted management network.\n* **WAF Implementation:** Deploy a Web Application Firewall (WAF) to filter and block malicious SQL injection patterns (e.g., `;`, `--`, `pg_sleep`).\n* **Principle of Least Privilege:** Ensure the database user account has the minimum necessary permissions to limit the impact of a potential breach.\n\n---\n", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], - "affected": [], + "affected": [ + { + "package": { + "ecosystem": "GitHub Actions", + "name": "" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "0" + } + ] + } + ] + } + ], "references": [ { - "type": "ADVISORY", - "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52694" + "type": "WEB", + "url": "https://github.com/Winz18/CVE-2025-52694-POC" + }, + { + "type": "PACKAGE", + "url": "https://wise-iot.advantech.com/en-int/marketplace/product/advantech.wise-paas-saas-composer" + }, + { + "type": "WEB", + "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001" }, { "type": "WEB", - "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-127" + "url": "https://www.cve.org/CVERecord?id=CVE-2025-52694" } ], "database_specific": { - "cwe_ids": [], + "cwe_ids": [ + "CWE-89" + ], "severity": "CRITICAL", "github_reviewed": false, "github_reviewed_at": null,
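Review bot: The new `affected` entry sets `"ecosystem": "GitHub Actions"` with `"name": ""` and a single `"introduced": "0"` event, which does not describe anything in this advisory. The `details` table lists Advantech IoTSuite and IoT Edge products with fixed versions 3.4.15 and V2.0.2. As written, the entry names no package and marks every version as affected with no `fixed` event, so tooling that matches on ecosystem and name will either match nothing or raise a false positive. Suggest keeping `"affected": []` as it was, unless a supported ecosystem and package name really correspond to these products, in which case the ranges should carry the fixed versions from the table. In `references`, the NVD entry with `"type": "ADVISORY"` is dropped and the CSA URL changes from `al-2025-127` to `alerts-al-2026-001` with no explanation. Please keep the NVD reference alongside the new cve.org one and state which CSA alert is correct. The rewritten `details` also adds specifics that the removed one-sentence description did not have (the `/displays/{filename}.json?org_id=` endpoint, PostgreSQL, stacked queries); say which of the listed references supports each so it can be checked before this is merged.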