CVE-2025-47228

medium

Description

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.

References

https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution

https://www.scriptcase.net/changelog/

https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228

Details

Source: Mitre, NVD

Published: 2025-07-05

Updated: 2025-07-08

Risk Information

CVSS v2

Base Score: 8

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:P

Severity: High

CVSS v3

Base Score: 6.7

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Severity: Medium

EPSS

EPSS: 0.00063

Detections

Analytics