CVE-2025-47228

MEDIUM

Netmake ScriptCase <9.12.006 - Command Injection

Title source: llm

Description

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.

Exploits (2)

exploitdb WORKING POC

by Alexandre ZANNI · pythonremotemultiple

https://www.exploit-db.com/exploits/52353

View Code ZIP pw:eip

github WORKING POC 9 stars

by synacktiv · pythonpoc

https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228

View Code ZIP pw:eip

References (3)

[Various Sources] https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228

[Various Sources] https://www.scriptcase.net/changelog/

[Various Sources] https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution

Scores

CVSS v3 6.7

EPSS 0.0519

EPSS Percentile 90.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Details

CWE

CWE-78

Status published

Products (1)

ScriptCase/ScriptCase < 9.12.006 (23)

Published Jul 05, 2025

Tracked Since Feb 18, 2026