CVE-2025-60785

8.8 HIGH

📋 TL;DR

A remote code execution vulnerability in iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page that targets the Postgres Drivers component. Organizations running the vulnerable version of iceScrum Pro On-prem are affected, and a successful attack can compromise the entire application server.

💻 Affected Systems

Products:
  • iceScrum Pro On-prem
Versions: v7.54
Operating Systems: All platforms running iceScrum
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Pro On-prem edition; Community and Cloud editions are not affected based on available information.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive data, install malware, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Attackers gain shell access to the application server, potentially accessing database credentials, modifying application data, and disrupting service availability.

🟢 If Mitigated

The attack is blocked by network segmentation, a web application firewall, or proper input validation, limiting impact to isolated components.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious HTML page that triggers the vulnerability in the Postgres Drivers component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Monitor iceScrum vendor channels for security updates.
2. Apply the official patch when available.
3. Restart the iceScrum application service after patching.

🔧 Temporary Workarounds

Restrict HTML Input (applies to: all)

Implement strict input validation to reject or sanitize HTML content in user inputs.

Network Segmentation (applies to: all)

Isolate iceScrum servers from critical infrastructure and implement strict firewall rules.

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with rules to detect and block HTML-based exploitation attempts.
  • Disable or restrict access to iceScrum from untrusted networks and implement strict authentication controls.

🔍 How to Verify

Check if Vulnerable:

Check the iceScrum version in the administration panel or configuration files; an installation reporting v7.54 Pro On-prem is vulnerable.

Check Version:

Check application.properties or the iceScrum admin interface for version information.

Verify Fix Applied:

Confirm that the installed version has been updated beyond v7.54, then test HTML input validation with controlled input to confirm it behaves as expected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML payloads in request logs
  • Unexpected process execution from iceScrum
  • Database connection errors or unusual queries

Network Indicators:

  • Suspicious outbound connections from iceScrum server
  • Unexpected network traffic patterns

SIEM Query:

source="iceScrum" AND (message="*HTML*" OR message="*Postgres*" OR message="*execution*")
