CVE-2025-1546 | BDCOM Behavior Management and Auditing System up to 20250210 operate.mds log_operate_clear start_code os command injection

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Affected by this vulnerability is the function log_operate_clear of the file /webui/modules/log/operate.mds. The manipulation of the argument start_code leads to os command injection.

This vulnerability is known as CVE-2025-1546. The attack can be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-1546 | BDCOM Behavior Management and Auditing System up to 20250210 operate.mds log_operate_clear start_code os command injection

Related Posts

CVE-2024-45756 | Centreon centreon-open-tickets up to 22.10.1/23.04.2/23.10.0/24.04.1 Ticket sql injection

CVE-2024-45714 | SolarWinds Serv-U up to 15.4.2 HF2 cross site scripting

CVE-2024-3312 | Easy Custom Auto Excerpt Plugin up to 2.4.12 on WordPress information disclosure

CVE-2024-49229 | Arif Nezami Better Author Bio Plugin up to 2.7.10.11 on WordPress cross-site request forgery