CVE-2025-47227NVD

Vulnerability Summary

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.

Severity Level

HIGH(7.5)

Published Date

Jul 5, 2025

Last Modified

Jul 8, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-684: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityHigh

AvailabilityNone

External References

https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228
https://www.scriptcase.net/changelog/
https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution
https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228

Critical Alert

CVE Watchtower

CVE-2025-47227NVD

Vulnerability Summary

External References