
CVE-2025-54379: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in lf-edge ekuiper

High
Tags: Vulnerability, CVE-2025-54379, CWE-89
Published: Thu Jul 24 2025 (07/24/2025, 22:24:23 UTC)
Source: CVE Database V5
Vendor/Project: lf-edge
Product: ekuiper

Description

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.

AI-Powered Analysis

AI analysis last updated: 07/24/2025, 23:02:41 UTC

Technical Analysis

CVE-2025-54379 is a critical SQL Injection vulnerability identified in LF Edge's eKuiper, a lightweight IoT data analytics and stream processing engine designed for resource-constrained edge devices. The vulnerability exists in versions prior to 2.2.1 within the getLast API functionality. Specifically, the flaw arises from improper neutralization of special elements used in SQL commands (CWE-89), allowing unauthenticated remote attackers to manipulate the table name input parameter in API requests. This manipulation enables execution of arbitrary SQL statements on the underlying SQLite database. Exploitation of this vulnerability can lead to severe consequences including unauthorized data access, data theft, corruption, deletion, and potentially full compromise of the database integrity and confidentiality. The vulnerability is notable because it requires no authentication or user interaction, making it highly accessible to attackers. The CVSS v4.0 base score is 8.9 (high severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits have been reported in the wild yet, the critical nature and ease of exploitation make it a significant threat. The issue is resolved in eKuiper version 2.2.1, and users are strongly advised to upgrade to this version or later to mitigate the risk.

Potential Impact

For European organizations deploying LF Edge eKuiper on edge IoT devices, this vulnerability poses a substantial risk. Given the increasing adoption of IoT and edge computing in sectors such as manufacturing, smart cities, healthcare, and critical infrastructure across Europe, exploitation could lead to unauthorized disclosure of sensitive operational data, disruption of analytics processes, and potential sabotage of edge device functions. The ability to execute arbitrary SQL commands without authentication means attackers could manipulate or erase critical data streams, undermining decision-making processes and operational continuity. This could result in financial losses, regulatory non-compliance (especially under GDPR due to data breaches), reputational damage, and operational downtime. The lightweight nature of eKuiper and its deployment on resource-constrained devices may limit the ability to implement complex security controls, increasing exposure. Furthermore, the distributed nature of edge deployments means that a successful attack on one node could be a foothold for lateral movement or broader network compromise.

Mitigation Recommendations

1. Immediate upgrade to eKuiper version 2.2.1 or later, where the vulnerability is patched, is the most effective mitigation.
2. Implement strict input validation and sanitization on all API inputs, especially those involving database queries, to prevent injection attacks.
3. Employ network segmentation and firewall rules to restrict access to edge device management APIs, limiting exposure to untrusted networks.
4. Monitor API usage logs for anomalous requests, particularly those attempting to manipulate table names or other SQL parameters.
5. Use runtime application self-protection (RASP) or database activity monitoring tools where feasible to detect and block suspicious SQL commands.
6. Enforce least privilege principles on database access credentials used by eKuiper to minimize potential damage if compromised.
7. Regularly audit and update IoT device firmware and software to ensure timely application of security patches.
8. Consider deploying Web Application Firewalls (WAF) or API gateways with SQL injection detection capabilities in front of edge APIs.
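The following Go example is added here to illustrate the bug class and mitigations 2 and 4 above; it is not eKuiper's code. It assumes a hypothetical endpoint path `/api/getLast` with a `table` query parameter and a constructed log format. A table name cannot be bound as a SQL parameter, so the hardened version validates it as a plain identifier before quoting it, and the same check is reused to flag suspicious request log lines.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// vulnerableGetLastQuery shows the CWE-89 pattern described in the advisory:
// an untrusted table name is spliced straight into the SQLite statement.
func vulnerableGetLastQuery(table string) string {
	return "SELECT * FROM " + table + " ORDER BY rowid DESC LIMIT 1"
}

// Identifiers cannot be passed as bind parameters, so the only safe option is
// a strict allow-pattern plus identifier quoting. Pattern is an assumption.
var identRe = regexp.MustCompile(`^[A-Za-z_][A-Za-z0-9_]{0,63}$`)

var ErrBadTableName = errors.New("invalid table name")

// safeGetLastQuery rejects anything that is not a plain identifier and
// double-quotes the name so SQLite treats it strictly as a table name.
func safeGetLastQuery(table string) (string, error) {
	if !identRe.MatchString(table) {
		return "", ErrBadTableName
	}
	return fmt.Sprintf(`SELECT * FROM "%s" ORDER BY rowid DESC LIMIT 1`, table), nil
}

// Constructed access-log lines (hypothetical format: time method path status).
var sampleLog = []string{
	"2025-07-24T22:24:23Z GET /api/getLast?table=events 200",
	"2025-07-24T22:25:01Z GET /api/getLast?table=sensor_readings 200",
	"2025-07-24T22:26:44Z GET /api/getLast?table=events%22%3B--%20 200",
}

// suspiciousTableParams implements mitigation 4: it returns log lines whose
// decoded table parameter is not a plain identifier.
func suspiciousTableParams(lines []string) []string {
	var hits []string
	for _, line := range lines {
		f := strings.Fields(line)
		if len(f) < 3 {
			continue
		}
		u, err := url.Parse(f[2])
		if err != nil {
			continue
		}
		if t := u.Query().Get("table"); t != "" && !identRe.MatchString(t) {
			hits = append(hits, line)
		}
	}
	return hits
}
```

Running `safeGetLastQuery` on the decoded value from the third log line returns `ErrBadTableName`, while the vulnerable builder would have emitted it verbatim into the statement.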


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-21T16:12:20.733Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6882b80fad5a09ad00464512

Added to database: 7/24/2025, 10:47:43 PM

Last enriched: 7/24/2025, 11:02:41 PM

Last updated: 7/25/2025, 3:09:01 PM

