CVE-2025-47227

Published Jul 5, 2025

Last updated 10 days ago

Overview

Description
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity
HIGH

Weaknesses

cve@mitre.org
CWE-684

Social media

Hype score
Not currently trending
  1. CVE-2025-47227: In Netmake ScriptCase, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to https://t.co/aEbduijeDQ sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.

    @ZeroDayFacts

    17 Jul 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2025-47227 (CVSS:7.5, HIGH) is Awaiting Analysis. In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset me..https://t.co/QkMC71gRHa #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    10 Jul 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️ScriptCase vulnerabilities ❗CVE-2025-47227 ➡️More info: https://t.co/YOcs7PxQO5 https://t.co/dKtypXFzdg

    @CERTpy

    7 Jul 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #exploit #AppSec "ScriptCase - Pre-Authenticated RCE (CVE-2025-47227, CVE-2025-47228)", 2025. ]-> PoC Script - https://t.co/bjn5yGwrCn // Pre-auth RCE is achieved by chaining two vulnerabilities: the first is the ability to reset the administrator password of the prod consol

    @ksg93rd

    7 Jul 2025

    66 Impressions

    0 Retweets

    0 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-47227 In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a… https://t.co/ok8m75DHcA

    @CVEnew

    5 Jul 2025

    808 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes