CVE-2025-47228 — Vulnetix

CVE-2025-47228 PUBLISHED CVSS 6.699999809265137 MEDIUM

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.

EPSS 9.96% · 93.2th percentile

Risk Scores

CVSS v3.1

6.699999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

EPSS Score

9.96%

93.2th percentile

Affected Products

Vendor	Product	Versions
ScriptCase	ScriptCase	0
scriptcase	scriptcase

Timeline

Jul 5, 2025 CVE Published
Jul 5, 2025 EPSS Score
Jul 5, 2025 Coalition ESS Score
Jul 5, 2025 Coalition ESS Score
Jul 5, 2025 PoC Published
Jul 7, 2025 Coalition ESS Score
Jul 7, 2025 CVE Updated
Jul 8, 2025 Coalition ESS Score
Jul 9, 2025 PoC Published
Jul 11, 2025 EPSS Score
Jul 12, 2025 Coalition ESS Score
Jul 14, 2025 Coalition ESS Score

References

https://www.scriptcase.net/changelog/ url
https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution url
https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228 url
https://nvd.nist.gov/vuln/detail/CVE-2025-47228 advisory
https://www.scriptcase.net/changelog url

Open in Interactive Console →