Cve 2025 47227 Cve 2025 47228
by Synacktiv
Source repositories
CVEs (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47227 | Hig | 0.49 | 7.5 | 0.03 | Jul 5, 2025 | In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover. | |
| CVE-2025-47228 | Med | 0.47 | 6.7 | 0.10 | Jul 5, 2025 | In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests. |