CVE-2025-47228 | THREATINT

Description

In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.

PUBLISHED Reserved 2025-05-03 | Published 2025-07-05 | Updated 2025-07-07 | Assigner mitre

MEDIUM: 6.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unknown

Any version

affected

References

github.com/synacktiv/CVE-2025-47227_CVE-2025-47228 exploit

www.scriptcase.net/changelog/

www.synacktiv.com/...-authenticated-remote-command-execution

github.com/synacktiv/CVE-2025-47227_CVE-2025-47228

cve.org (CVE-2025-47228)

nvd.nist.gov (CVE-2025-47228)