CVE-2025-47228NVD

Vulnerability Summary

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.

Severity Level

MEDIUM(6.7)

Published Date

Jul 5, 2025

Last Modified

Jul 8, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-78: OS Command Injection ↗

The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityLow

External References

https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228
https://www.scriptcase.net/changelog/
https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution
https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228

Critical Alert

CVE Watchtower

CVE-2025-47228NVD

Vulnerability Summary

External References