PT-2025-28034 · Netmaker · Netmake Scriptcase

Alexandre Droullé +1 · Published 2025-07-04 · Updated 2026-06-01 · CVE-2025-47227

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

Netmake ScriptCase versions prior to 9.12.006 (23)

Description

The Production Environment extension contains a flaw in the administrator password reset mechanism. An unauthenticated remote attacker can bypass authentication and take over the administrator account by sending specially crafted GET and POST requests to the 'login.php' endpoint. This issue may be chained with other flaws to achieve remote code execution (RCE), which is the ability to execute arbitrary commands on the target server.

Recommendations

Update to a version later than 9.12.006 (23). Restrict access to the production console to minimize the risk of exploitation.

Exploit · Fix · RCE

Related Identifiers

BDU:2026-02480
BDU:2026-02481
CVE-2025-47227

Affected Products

Netmake Scriptcase