CVE-2025-47227 — Vulnetix

CVE-2025-47227 PUBLISHED CVSS 7.5 HIGH

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.

EPSS 3.43% · 87.7th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS Score

3.43%

87.7th percentile

Affected Products

Vendor	Product	Versions
ScriptCase	ScriptCase	0
scriptcase	scriptcase

Timeline

Jul 5, 2025 CVE Published
Jul 5, 2025 EPSS Score
Jul 5, 2025 Coalition ESS Score
Jul 5, 2025 Coalition ESS Score
Jul 5, 2025 PoC Published
Jul 7, 2025 CVE Updated
Jul 8, 2025 Coalition ESS Score
Jul 10, 2025 Coalition ESS Score
Jul 12, 2025 Coalition ESS Score
Jul 15, 2025 EPSS Score
Jul 15, 2025 Coalition ESS Score
Jul 16, 2025 Coalition ESS Score

References

https://www.scriptcase.net/changelog/ url
https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution url
https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228 url
https://nvd.nist.gov/vuln/detail/CVE-2025-47227 advisory
https://www.scriptcase.net/changelog url

Open in Interactive Console →