CVE-2025-47227

Summary

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.

Affected Software

VendorProductVersion RangeStatus
ScriptCaseScriptCase0 <= 9.12.006 (23)affected

Weaknesses

  • CWE-684: CWE-684 Incorrect Provision of Specified Functionality

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

Additional References

References