CVE-2025-1546

Name of the Vulnerable Software and Affected Versions BDCOM Behavior Management and Auditing System up to 20250210

Description A critical vulnerability has been found in the BDCOM Behavior Management and Auditing System. The issue affects the log operate clear function of the file /webui/modules/log/operate.mds. The manipulation of the start code argument leads to os command injection. This can be exploited remotely.

Recommendations For BDCOM Behavior Management and Auditing System up to 20250210, as a temporary workaround, consider restricting access to the log operate clear function of the file /webui/modules/log/operate.mds to minimize the risk of exploitation. Avoid using the start code argument in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.