CVE-2025-47228

Name of the Vulnerable Software and Affected Versions: Netmake ScriptCase versions 9.12.006 and earlier

Description: The issue allows authenticated attackers to execute system commands via crafted HTTP requests due to shell injection in the SSH connection settings. Additionally, there is a mishandled Administrator password reset mechanism that can be exploited by making both a GET and a POST request to "login.php", allowing an unauthenticated attacker to bypass authentication via administrator account takeover.

Recommendations: For versions 9.12.006 and earlier, as a temporary workaround, consider disabling the SSH connection settings in the Production Environment extension until a patch is available. Restrict access to the "login.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.