CVE-2025-54379: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in lf-edge ekuiper

Severity: High
Tags: vulnerability, CVE-2025-54379, CWE-89
Published: Thu Jul 24 2025 (07/24/2025, 22:24:23 UTC)
Source: CVE Database V5
Vendor/Project: lf-edge
Product: ekuiper

Description

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constrained edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.

AI-Powered Analysis

AI analysis last updated: 08/01/2025, 01:03:21 UTC

Technical Analysis

CVE-2025-54379 is a critical SQL Injection vulnerability identified in LF Edge's eKuiper, a lightweight IoT data analytics and stream processing engine designed for resource-constrained edge devices. The vulnerability exists in versions prior to 2.2.1 within the getLast API functionality. Specifically, the flaw arises from improper neutralization of special elements used in SQL commands (CWE-89): the table name parameter of the API request is placed into the SQL statement without validation, so unauthenticated remote attackers can control part of the query text. Because a table name is an identifier rather than a bound value, ordinary parameterized placeholders do not protect it; the input has to be validated or allow-listed before it reaches the query. This manipulation enables attackers to execute arbitrary SQL statements on the underlying SQLite database without any authentication or user interaction. The consequences of exploitation include unauthorized data theft, corruption, deletion, and potentially full compromise of the database. Given the nature of eKuiper as an edge analytics engine, the compromised data could include sensitive IoT telemetry, operational data, or control commands, which may impact the integrity and availability of IoT deployments. The vulnerability has a CVSS 4.0 base score of 8.9 (high severity), reflecting a network attack vector, no required privileges or user interaction, and high impact on confidentiality, integrity, and availability. The issue was publicly disclosed on July 24, 2025, and fixed in version 2.2.1 of eKuiper. No known exploits in the wild have been reported yet, but the ease of exploitation and critical impact make it a significant threat to affected deployments.

Potential Impact

For European organizations deploying LF Edge eKuiper on edge devices, this vulnerability poses a substantial risk. IoT deployments in sectors such as manufacturing, energy, smart cities, and transportation often rely on edge analytics for real-time data processing and decision-making. Exploitation could lead to unauthorized access to sensitive operational data, manipulation or deletion of critical IoT data streams, and disruption of automated processes. This can result in operational downtime, safety hazards, regulatory non-compliance (especially under GDPR if personal data is involved), and financial losses. The unauthenticated nature of the vulnerability increases the attack surface, allowing remote attackers to compromise devices without insider access. Given the increasing adoption of edge computing in Europe, the vulnerability could affect critical infrastructure and industrial control systems, amplifying potential consequences.

Mitigation Recommendations

European organizations should immediately assess their deployments of eKuiper and identify any instances running versions prior to 2.2.1. The primary mitigation is to upgrade all affected eKuiper instances to version 2.2.1 or later, where the vulnerability is patched. In addition, organizations should implement network-level controls to restrict access to the eKuiper API endpoints, limiting exposure to trusted networks or VPNs. Employing Web Application Firewalls (WAFs) with SQL injection detection rules can provide an additional layer of defense. Monitoring and logging API requests for unusual patterns or unexpected table name parameters can help detect attempted exploitation. For environments where immediate patching is not feasible, consider isolating vulnerable devices from untrusted networks and applying strict ingress filtering. Finally, organizations should review and harden IoT device security policies, including regular vulnerability scanning and incident response readiness specific to edge computing components.
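The following is an added illustration, not eKuiper's own code, of the flaw shape described in the technical analysis and of the validation and monitoring controls recommended above. It assumes a getLast-style query that returns the newest row of a caller-named SQLite table; the table, column and sample rows are constructed for the demo.

```python
import re
import sqlite3

# Strict identifier pattern: the only table names we are willing to splice into SQL text.
# Placeholders (?) cannot bind identifiers, so validation is the actual defense here.
IDENT_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")


def get_last_vulnerable(conn, table):
    """Vulnerable shape (assumed, not eKuiper's code): the caller-supplied table name
    is concatenated straight into the query, so the caller controls query text."""
    return conn.execute(f"SELECT * FROM {table} ORDER BY rowid DESC LIMIT 1").fetchone()


def get_last_hardened(conn, table):
    """Hardened shape: reject anything that is not a plain identifier, require that the
    name matches a table that actually exists, then quote it before splicing it in."""
    if not IDENT_RE.match(table):
        raise ValueError(f"rejected table name: {table!r}")
    known = {row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")}
    if table not in known:
        raise ValueError(f"unknown table: {table!r}")
    quoted = '"' + table.replace('"', '""') + '"'   # double-quoted SQL identifier
    return conn.execute(f"SELECT * FROM {quoted} ORDER BY rowid DESC LIMIT 1").fetchone()


def check_request(table):
    """Same rule applied to a logged table-name parameter: False flags a request
    worth alerting on, as the mitigation advice on monitoring API requests suggests."""
    return bool(IDENT_RE.match(table))


def make_demo_db():
    """Constructed in-memory database with one telemetry table and three sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, temp REAL)")
    conn.executemany("INSERT INTO events (temp) VALUES (?)", [(20.5,), (21.0,), (21.7,)])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(get_last_hardened(db, "events"))        # newest row: (3, 21.7)
    for name in ("events", "events; SELECT 1", 'events" --'):
        print(f"{name!r}: accepted={check_request(name)}")
```

Only the pattern check and the existence check differ between the two functions; on a legitimate name both return the same row, which is the property a regression test for the fix should assert.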

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-07-21T16:12:20.733Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 6882b80fad5a09ad00464512

Added to database: 7/24/2025, 10:47:43 PM

Last enriched: 8/1/2025, 1:03:21 AM

Last updated: 9/5/2025, 7:06:35 AM