CVE-2025-14598

CRITICAL

BeeS Software Solutions BET Portal - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-14598. PoCs published by Afnaan-Ahmed.

AI-analyzed exploit summary This repository contains a detailed writeup for CVE-2025-14598, describing a critical SQL injection vulnerability in BET e-Portal that can lead to remote code execution under certain configurations. The document outlines the vulnerability's root cause, exploitation path, and mitigation strategies.

Description

BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. The vulnerability enables arbitrary SQL commands to be executed on the backend database.

Exploits (1)

nomisec WRITEUP
by Afnaan-Ahmed · poc
https://github.com/Afnaan-Ahmed/CVE-2025-14598

This repository contains a detailed writeup for CVE-2025-14598, describing a critical SQL injection vulnerability in BET e-Portal that can lead to remote code execution under certain configurations. The document outlines the vulnerability's root cause, exploitation path, and mitigation strategies.

Classification
Writeup 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: BET e-Portal (BeeS Software Solutions Pvt Ltd)
No auth needed
Prerequisites: Access to the login page of BET e-Portal · Database configuration allowing extended procedures (e.g., xp_cmdshell) for RCE
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory
https://github.com/Afnaan-Ahmed/CVE-2025-14598

Scores

CVSS v3 9.8
EPSS 0.0069
EPSS Percentile 47.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
cloudilyaerp/bet_e-portal
Published Jan 09, 2026
Tracked Since Feb 18, 2026