CVE-2025-52694

Critical

Published: 12 January 2026

Published

12 January 2026

Modified

26 January 2026

KEV Added

—

Patch

—

CVSS Score 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.1280 94.1th percentile

Risk Priority 28 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-52694 is a critical-severity SQL Injection (CWE-89) vulnerability in Advantech Iot Edge Linux Docker. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 5.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the SQL injection vulnerability by requiring timely remediation of the identified flaw through patching to the latest product versions as recommended.

SI-10 Information Input Validation good match

prevent

Prevents SQL injection exploitation by enforcing validation of all information inputs to the vulnerable service, blocking malicious SQL commands.

SC-7 Boundary Protection partial match

preventdetect

Boundary protection mechanisms such as web application firewalls inspect and block SQL injection attempts targeting the Internet-exposed service.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

SQL injection in a public-facing internet-exposed service directly enables exploitation of public-facing applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrators of…

affected product versions are advised to update to the latest versions immediately.

Deeper analysisAI

CVE-2025-52694 is a SQL injection vulnerability (CWE-89) that enables the execution of arbitrary SQL commands on affected services when exposed to the Internet. The flaw carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), marking it as critical due to its potential to compromise data confidentiality, integrity, and availability. Specific affected software or components are detailed in the referenced advisory, with users and administrators of vulnerable product versions urged to apply updates.

An unauthenticated remote attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation grants the ability to execute arbitrary SQL commands, potentially leading to full compromise of the underlying database and service.

The Cyber Security Agency of Singapore advisory (AL-2026-001) recommends that users and administrators immediately update to the latest product versions to mitigate the risk.