CVE-2025-54379: 
vulnerability analysis and mitigation

LF Edge eKuiper, a lightweight IoT data analytics and stream processing engine for resource-constrained edge devices, was found to contain a critical SQL Injection vulnerability (CVE-2025-54379) in versions before 2.2.1. The vulnerability was discovered in the getLast API functionality, affecting the system's data security. The issue was disclosed on July 24, 2025, and has been assigned a CVSS v4.0 score of 8.9 (HIGH) (NVD, GitHub Advisory).

The vulnerability stems from improper input validation in the getLast API functionality where user-controlled table name parameters are directly interpolated into SQL queries using fmt.Sprintf without proper sanitization. The affected code constructs SQL queries like 'SELECT * FROM %s ORDER BY rowid DESC LIMIT 1' where the table parameter is not validated, allowing for SQL injection attacks. The vulnerability has been assigned CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) (GitHub Advisory).

The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database. Successful exploitation can lead to data theft, corruption, or deletion, potentially resulting in full database compromise. The high severity rating (CVSS v4.0 score of 8.9) reflects the significant potential impact on system security (NVD).

The vulnerability has been fixed in version 2.2.1 of eKuiper. The fix includes proper validation of table names and improved SQL query handling. Users are strongly advised to upgrade to version 2.2.1 or later to address this security issue (GitHub Commit).