CVE-2025-54379: 
vulnerability analysis and mitigation

LF Edge eKuiper, a lightweight IoT data analytics and stream processing engine, was found to contain a critical SQL Injection vulnerability (CVE-2025-54379) in versions before 2.2.1. The vulnerability was discovered in July 2025 and affects the getLast API functionality of the project. This security flaw impacts systems running eKuiper on resource-constrained edge devices (NVD).

The vulnerability stems from improper input validation in the getLast API functionality where unsanitized user-controlled input is used when constructing SQL queries using fmt.Sprintf. The CVSS v4.0 score is 8.9 (HIGH) with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P. The flaw is classified as CWE-89: Improper Neutralization of Special Elements used in an SQL Command (GitHub Advisory).

The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database. Successful exploitation can lead to data theft, corruption, or deletion, and potentially full database compromise. The attack can be launched remotely without requiring any special privileges (GitHub Advisory).

The vulnerability has been fixed in version 2.2.1 of eKuiper. Users are strongly advised to upgrade to this version. The fix includes proper validation of table names before using them in SQL queries, as evidenced by the commit that implements input validation checks (GitHub Commit).