CVE-2025-47227

HIGH

Netmake ScriptCase <9.12.006 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-47227. PoCs published by synacktiv, Outs1d3r-Net.

AI-analyzed exploit summary This repository contains a functional exploit for chaining CVE-2025-47227 (password reset bypass) and CVE-2025-47228 (authenticated RCE) in ScriptCase. The exploit automates session preparation, CAPTCHA solving via OCR, password reset, and command execution.

Description

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.

Exploits (3)

nomisec WORKING POC 9 stars
by synacktiv · poc
https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228

This repository contains a functional exploit for chaining CVE-2025-47227 (password reset bypass) and CVE-2025-47228 (authenticated RCE) in ScriptCase. The exploit automates session preparation, CAPTCHA solving via OCR, password reset, and command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ScriptCase (Production Environment module 1.0.003-build-2, included in ScriptCase 9.12.006)
No auth needed
Prerequisites: Network access to the target ScriptCase instance · CAPTCHA solving (automated via OCR or manual input)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
github WORKING POC
by Outs1d3r-Net · pythonpoc
https://github.com/Outs1d3r-Net/CVE-2025-47227

This repository contains a functional exploit for CVE-2025-47227, a pre-authentication password reset vulnerability in ScriptCase Production Environment. The exploit automates the process of resetting the admin password by bypassing authentication and solving a CAPTCHA, either manually or via OpenAI's vision API.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: ScriptCase Production Environment ≤ 9.12.006
No auth needed
Prerequisites: Target URL · New password to set · CAPTCHA solution (manual or OpenAI API key)
devstral-2 · analyzed May 29, 2026 Full analysis →
github WORKING POC
by Outs1d3r-Net · pythonpoc
https://github.com/Outs1d3r-Net/cve_2025_47227

This repository contains a functional exploit for CVE-2025-47227, a pre-authentication password reset vulnerability in ScriptCase Production Environment ≤ 9.12.006. The exploit automates the process of resetting the admin password by bypassing authentication and solving a CAPTCHA.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: ScriptCase Production Environment ≤ 9.12.006
No auth needed
Prerequisites: Target URL · New password to set · CAPTCHA solution (auto-solve or manual input)
devstral-2 · analyzed May 28, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.5
EPSS 0.0343
EPSS Percentile 87.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-684
Status published
Products (1)
ScriptCase/ScriptCase < 9.12.006 (23)
Published Jul 05, 2025
Tracked Since Feb 18, 2026