CVE-2025-47227

HIGH

Netmake ScriptCase <9.12.006 - Auth Bypass

Title source: llm

Description

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.

Exploits (1)

nomisec WORKING POC 9 stars
by synacktiv · poc
https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228

References (3)

Scores

CVSS v3 7.5
EPSS 0.0209
EPSS Percentile 84.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-684
Status published
Products (1)
ScriptCase/ScriptCase < 9.12.006 (23)
Published Jul 05, 2025
Tracked Since Feb 18, 2026