Skip to content

[GHSA-77r3-ghgf-32gr] Successful exploitation of the SQL injection... #6637

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
Winz18 wants to merge 1 commit into from
Closed

[GHSA-77r3-ghgf-32gr] Successful exploitation of the SQL injection... #6637

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 35 additions & 7 deletions advisories/unreviewed/2026/01/GHSA-77r3-ghgf-32gr/GHSA-77r3-ghgf-32gr.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,31 +1,59 @@
{
"schema_version": "1.4.0",
"id": "GHSA-77r3-ghgf-32gr",
"modified": "2026-01-12T03:31:07Z",
"modified": "2026-01-12T03:31:14Z",
"published": "2026-01-12T03:31:07Z",
"aliases": [
"CVE-2025-52694"
],
"details": "Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.",
"summary": "CVE-2025-52694: Critical Unauthenticated SQL Injection in Advantech IoTSuite & IoT Edge products",
"details": "# GHSA-77r3-ghgf-32gr: Critical Unauthenticated SQL Injection in Advantech IoTSuite & IoT Edge products\n\n## Summary\nA **Critical** unauthenticated SQL Injection vulnerability has been identified in **Advantech IoTSuite and IoT Edge** products. This flaw allows remote attackers to execute arbitrary SQL commands via a specially crafted request to the affected endpoint, potentially leading to unauthorized data access, database modification, or Remote Code Execution (RCE).\n\n---\n\n## Vulnerability Information\n\n| Attribute | Details |\n| :--- | :--- |\n| **CVE ID** | CVE-2025-52694 |\n| **Severity** | **10.0 Critical** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) |\n| **Vulnerability Type** | CWE-89: Improper Neutralization of Special Elements used in an SQL Command |\n| **Affected Endpoint** | `/displays/{filename}.json?org_id=` |\n| **Vendor** | Advantech |\n\n## Technical Description\nThe vulnerability exists due to the lack of proper input validation and sanitization of the `{filename}` parameter within the URL path. This parameter is unsafely concatenated directly into a **PostgreSQL** query string.\n\n### Attack Vector & Mechanism\n* **Unauthenticated Access:** No prior authentication or specific user privileges are required to exploit this vulnerability.\n* **Injection Technique:** Attackers can utilize **stacked queries** to execute multiple SQL commands in a single request.\n* **Validation:** The vulnerability can be confirmed through time-based analysis using functions such as `pg_sleep()`.\n\n### Potential Impact\nSuccessful exploitation of this vulnerability could allow an attacker to:\n1. **Data Exfiltration:** Access and dump the entire PostgreSQL database contents.\n2. **Data Integrity Compromise:** Modify or delete sensitive system configurations and user data.\n3. **Full System Takeover:** In certain configurations, achieve **Remote Code Execution (RCE)** depending on the database service's operating system privileges.\n\n---\n\n## Affected Products and Versions\n\n| Product Name | Affected Version | Fixed Version |\n| :--- | :--- | :--- |\n| **IoTSuite SaaSComposer** | Prior to 3.4.15 | **3.4.15** |\n| **IoTSuite Growth Linux Docker** | Prior to V2.0.2 | **V2.0.2** |\n| **IoTSuite Starter Linux Docker** | Prior to V2.0.2 | **V2.0.2** |\n| **IoT Edge Linux Docker** | Prior to V2.0.2 | **V2.0.2** |\n| **IoT Edge Windows** | Prior to V2.0.2 | **V2.0.2** |\n\n---\n\n## Remediation Strategy\n\n### 1. Official Update\nAdvantech has released security patches for all affected products. It is **highly recommended** that administrators upgrade to the fixed versions (V2.0.2 or 3.4.15 respectively) immediately.\n\n### 2. Temporary Mitigations\nIf an immediate upgrade is not feasible, consider the following defensive measures:\n* **Network Segmentation:** Place affected IoT instances behind a VPN or within a restricted management network.\n* **WAF Implementation:** Deploy a Web Application Firewall (WAF) to filter and block malicious SQL injection patterns (e.g., `;`, `--`, `pg_sleep`).\n* **Principle of Least Privilege:** Ensure the database user account has the minimum necessary permissions to limit the impact of a potential breach.\n\n---\n",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"affected": [],
"affected": [
{
"package": {
"ecosystem": "GitHub Actions",
"name": ""
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
}
]
}
]
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52694"
"type": "WEB",
"url": "https://github.com/Winz18/CVE-2025-52694-POC"
},
{
"type": "PACKAGE",
"url": "https://wise-iot.advantech.com/en-int/marketplace/product/advantech.wise-paas-saas-composer"
},
{
"type": "WEB",
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001"
},
{
"type": "WEB",
"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-127"
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52694"
}
],
"database_specific": {
"cwe_ids": [],
"cwe_ids": [
"CWE-89"
],
"severity": "CRITICAL",
"github_reviewed": false,
"github_reviewed_at": null,
Expand Down
Loading