← back
CVE-2025-47228

CVE-2025-47228

CVSS 6.7 MEDIUMEPSS 14.4%CWE-78
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
Affected products
ScriptCase · ScriptCase
public PoCs found1
exploitdbwww.exploit-db.com/exploits/52353unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228https://www.scriptcase.net/changelog/https://www.synacktiv.com/advisories/scriptcase-pre-authenticated-remote-command-execution