CISA issues alert on BeeS BET portal SQL injection

The BeeS Examination Tool (BET) portal from BeeS Software Solutions contains a Structured Query Language (SQL) injection flaw in its website login functionality that can permit execution of arbitrary SQL commands against the portal’s backend database, with potential to alter stored data, expose student information, and enable further compromise of the hosting environment.

The issue is tracked as CVE-2025-14598 and affects the BET portal login functionality; the vulnerability arises from insufficient user input validation and enables arbitrary SQL injection. More than 100 universities use the BET portal, and each university operates its own instance of the BET portal that receives updates from BeeS Software Solutions.

An unauthenticated, remote attacker exploiting the flaw can obtain unauthorized database access, steal credentials, move laterally within infrastructure, acquire sensitive student and institutional data, and gain system-level access to the affected server.

BeeS Software Solutions issued a patch to all instances using the BET portal, modifying code, enabling input validation, and changing various security settings to prevent exploitation and unauthorized access, and all BET clients automatically received these changes. No actions are needed by clients, as configurations and updated dynamic link libraries (DLLs) have been automatically installed and updated through ePortal : Secure Build (October 2025). Testing indicates that the changes successfully mitigated the vulnerability.

Customers do not need to take action; the vendor applied updates automatically and testing by the vendor indicates the vulnerability has been mitigated.