PYSEC-2025-241

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/ekuiper/PYSEC-2025-241.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2025-241
Aliases
Published
2025-07-24T23:15:26.883Z
Modified
2026-07-13T07:26:48.172426599Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.

References

Affected packages

PyPI / ekuiper

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
2.1.5

Affected versions

0.*
0.0.1.post1529761077
0.0.1.post1640190752
0.0.1.post1656951467
0.0.1.post1661454534
0.0.1.post1707338123
0.0.1.post1926549727
0.0.1.post2080668443
0.0.1.post2238139389
0.0.1.post2474892687
0.0.1.post2757722354
0.0.1.post2910672767
0.0.1.post2911616762
0.0.1.post3144438011
0.0.1.post3239329472
0.0.1.post3334144675
0.0.1.post3334852441
0.0.1.post3410331757
0.0.1.post3411321026
0.0.1.post3495668732
0.0.1.post3545948676
0.0.1.post3712037225
0.0.1.post3764011091
0.0.1.post3936265927
0.0.1.post3954842791
0.0.1.post4180521993
0.0.1.post4435707843
0.0.1.post4562358382
0.0.1.post4720014312
0.0.1.post5010322351
0.0.1.post5065833905
0.0.1.post5265725915
0.0.1.post5484225879
0.0.1.post5899657036
0.0.1.post6045113904
0.0.1.post6144238120
0.0.1.post6453363172
0.0.1.post6555916078
0.0.1.post6820182077
0.0.1.post7205401650
0.0.1.post7257106983
0.0.1.post7404344961
0.0.1.post7405252226
0.0.1.post7458781898
0.0.1.post7797037221
0.0.1.post7983964087
0.0.1.post8014428509
0.0.1.post8150341330
0.0.1.post8273699428
0.0.1.post8319707068
0.0.1.post8478752636
0.0.1.post8782256682
0.0.1.post8813247801
0.0.1.post8829897389
0.0.1.post9220188115
0.0.1.post9638601298
0.0.1.post9690215560
0.0.1.post9736400841
0.0.1.post10035392509
0.0.1.post10469657945
0.0.1.post10592133245
0.0.1.post10917063435
0.0.1.post11433945270
0.0.1.post11434361037
0.0.1.post11771214162
0.0.1.post12369050331
0.0.1.post14569587727
0.0.1.post15011016639
0.0.1.post15265245754
0.0.1.post16017439871
0.0.1.post16212420887
0.0.1.post16436220442
0.0.1.post17425391204
0.0.1.post17934265679
0.0.1.post18767826745
0.0.1.post19563876430
0.0.1.post24644496127
0.0.1.post24975255951
0.0.1.post26427369374
1.*
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.5.0
1.5.1
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.8.0
1.8.1
1.8.2
1.9.0
1.9.1
1.9.2
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.12.0
1.12.1
1.12.2
1.12.3
1.12.4
1.12.5
1.12.6
1.12.7
1.12.8
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6
1.14.7
2.*
2.1.2
2.1.3
2.1.4
2.1.5

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/ekuiper/PYSEC-2025-241.yaml"