Warning: Critical severity vulnerability in Advantech IoTSuite and IoT Edge Products, Patch Immediately!

Published: 14/01/2026
  • Last update: 14/01/2026
  • Affected software:
    → IoTSuite SaaSComposer prior to version 3.4.15
    → IoTSuite Growth Linux docker prior to version V2.0.2
    → IoTSuite Starter Linux docker prior to version V2.0.2
    → IoT Edge Linux docker prior to version V2.0.2
    → IoT Edge Windows prior to version V2.0.2
  • Type: CWE-189: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CVE/CVSS
    → CVE-2025-52694: CVSS 10 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Sources

https://advcloudfiles.advantech.com/cms/0df6bab9-799f-417f-9304-88ff73e5b7b7/Security%20Advisory%20PDF%20File/Vulnerabilities-Identified-in--IoTSuite-3D-Visualization-%28SaaS-Composer%29.pdf

Risks

A critical severity SQL Injection vulnerability was disclosed affecting Advantech IoTSuite and IoT Edge products. Successful exploitation allows an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service. This has a critical impact on the Confidentiality, Integrity, and Availability of the system, potentially granting full control over the database and connected systems.

Description

CVE-2025-52694, CVSS: 10.0
A SQL injection vulnerability exists in multiple Advantech IoTSuite and IoT Edge products. The vulnerability stems from improper validation of user-supplied input. When the service is exposed to the internet, an unauthenticated attacker can exploit this flaw to inject malicious SQL queries. This could result in data exfiltration, modification of database contents, or administrative access to the application.
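The weakness class named above (CWE: improper neutralization of special elements in an SQL command) comes down to user-supplied text being spliced into an SQL statement instead of being passed as a bound parameter. The following Python example is added here for illustration and is not code from Advantech or from the advisory; it uses an in-memory SQLite table with constructed rows and a constructed input value. It shows the vulnerable concatenation pattern next to the hardened parameterized form: a perfectly legitimate value containing a quote character breaks the concatenated statement (the quote reaches the SQL parser), while the parameterized query treats the same value as plain data.

```python
import sqlite3


def make_db():
    # Constructed sample data; not related to any real Advantech schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (id INTEGER PRIMARY KEY, owner TEXT, model TEXT)")
    conn.executemany(
        "INSERT INTO devices (owner, model) VALUES (?, ?)",
        [("O'Brien", "IoT Edge"), ("Smith", "SaaSComposer")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, owner):
    # Vulnerable pattern: the caller's text is spliced into the SQL string, so
    # any quote or other SQL metacharacter in `owner` becomes part of the statement.
    query = f"SELECT model FROM devices WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(query)]


def lookup_hardened(conn, owner):
    # Hardened pattern: the value is bound as a parameter. The driver sends it
    # separately from the statement text, so it can never change the query shape.
    rows = conn.execute("SELECT model FROM devices WHERE owner = ?", (owner,))
    return [row[0] for row in rows]


def demo(owner):
    # Runs both variants on the same input and reports what each one did.
    # A DB error from the vulnerable variant is returned as a string so the
    # difference is visible without crashing the demo.
    conn = make_db()
    try:
        vulnerable = lookup_vulnerable(conn, owner)
    except sqlite3.Error as exc:
        vulnerable = f"error: {exc}"
    hardened = lookup_hardened(conn, owner)
    conn.close()
    return {"vulnerable": vulnerable, "hardened": hardened}


if __name__ == "__main__":
    # A legitimate name containing a quote is enough to expose the defect.
    print(demo("O'Brien"))
    print(demo("Smith"))
```

The same rule applies to ORMs and stored procedures: only code paths that build statement text from request data are exposed, and the fix is to bind every caller-controlled value. Input validation (length, character set) is a useful second layer but is not a substitute for parameterization.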

This issue affects the following versions:

  • IoTSuite SaaSComposer prior to version 3.4.15
  • IoTSuite Growth Linux docker prior to version V2.0.2
  • IoTSuite Starter Linux docker prior to version V2.0.2
  • IoT Edge Linux docker prior to version V2.0.2
  • IoT Edge Windows prior to version V2.0.2

The vendor has released updates to address these vulnerabilities.
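To turn the version list above into an inventory check, the fixed versions need to be compared numerically rather than as strings (as strings, "3.4.9" sorts after "3.4.15"). The following Python helper is an added example, not a tool from the vendor or the CCB; the product names and fixed versions are taken from this advisory, and the inventory rows are constructed sample data.

```python
import re

# First fixed version per product, as listed in the advisory.
FIXED_VERSIONS = {
    "IoTSuite SaaSComposer": "3.4.15",
    "IoTSuite Growth Linux docker": "V2.0.2",
    "IoTSuite Starter Linux docker": "V2.0.2",
    "IoT Edge Linux docker": "V2.0.2",
    "IoT Edge Windows": "V2.0.2",
}


def parse_version(text):
    # Accepts "3.4.15" or "V2.0.2" and returns a tuple of ints so that
    # comparison is numeric per component, not lexical.
    match = re.search(r"(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected(product, installed):
    # Affected means: installed version is strictly below the first fixed version.
    if product not in FIXED_VERSIONS:
        raise KeyError(f"{product!r} is not covered by this advisory")
    return parse_version(installed) < parse_version(FIXED_VERSIONS[product])


def audit(inventory):
    # inventory: list of (hostname, product, installed_version) tuples.
    # Returns the rows that still need the patch.
    return [row for row in inventory if is_affected(row[1], row[2])]


if __name__ == "__main__":
    # Constructed sample inventory for demonstration only.
    sample = [
        ("gw-01", "IoT Edge Linux docker", "V2.0.1"),
        ("gw-02", "IoT Edge Linux docker", "V2.0.2"),
        ("vis-01", "IoTSuite SaaSComposer", "3.4.9"),
        ("vis-02", "IoTSuite SaaSComposer", "3.4.15"),
    ]
    for host, product, version in audit(sample):
        print(f"PATCH NEEDED: {host} runs {product} {version}")
```

Feed it the product and version strings your asset inventory or container registry reports; anything it returns is a host to prioritise, and, per the Monitor/Detect guidance below, a host whose logs deserve a look for activity predating the patch.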

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-52694
https://www.csa.gov.sg/alerts-and-advisories/alerts/alerts-al-2026-001/