CVE-2025-54379

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/lf-edge/ekuiper/commit/72c4918744934deebf04e324ae66933ec089ebd3	Patch
https://github.com/lf-edge/ekuiper/security/advisories/GHSA-526j-mv3p-f4vv	Exploit Vendor Advisory
https://github.com/lf-edge/ekuiper/security/advisories/GHSA-526j-mv3p-f4vv	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lfedge:ekuiper:2.1.5:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-07-24 23:15

Updated : 2025-10-10 21:37

NVD link : CVE-2025-54379

Mitre link : CVE-2025-54379

CVE.ORG link : CVE-2025-54379

JSON object : View

Products Affected

lfedge

ekuiper

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2025-54379", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-24T23:15:26.883", "references": [{"url": "https://github.com/lf-edge/ekuiper/commit/72c4918744934deebf04e324ae66933ec089ebd3", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/lf-edge/ekuiper/security/advisories/GHSA-526j-mv3p-f4vv", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/lf-edge/ekuiper/security/advisories/GHSA-526j-mv3p-f4vv", "tags": ["Exploit", "Vendor Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1."}, {"lang": "es", "value": "LF Edge eKuiper es un motor ligero de an\u00e1lisis de datos y procesamiento de flujos de IoT que se ejecuta en dispositivos edge con recursos limitados. En versiones anteriores a la 2.2.1, exist\u00eda una vulnerabilidad cr\u00edtica de inyecci\u00f3n SQL en la API getLast del proyecto eKuiper. Esta falla permite a atacantes remotos no autenticados ejecutar sentencias SQL arbitrarias en la base de datos SQLite subyacente manipulando el nombre de la tabla en una solicitud de API. Su explotaci\u00f3n puede provocar el robo, la corrupci\u00f3n o la eliminaci\u00f3n de datos, as\u00ed como la vulneraci\u00f3n total de la base de datos. Esto se ha corregido en la versi\u00f3n 2.2.1."}], "lastModified": "2025-10-10T21:37:36.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lfedge:ekuiper:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF8C0E2F-0B32-4D1E-89B8-05817F54BD4A"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}