cvedb.io
CVE-2025-54379
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-07-24T23:15:26.883 · Last modified 2026-06-17T09:39:57.217

Summary

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. In versions before 2.2.1, there is a critical SQL injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.

Affected products

lfedge — ekuiper

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.