CVE-2025-60785
Postgres · Postgres Drivers Multiple Products
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-60785, has been discovered in the Postgres Drivers component utilized by iceScrum v7.
Executive summary
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-60785, has been discovered in the Postgres Drivers component utilized by iceScrum v7. This high-severity flaw could allow a remote, unauthenticated attacker to execute arbitrary code on the server, potentially leading to a full system compromise, data theft, and service disruption. Organizations using the affected software are urged to apply security patches immediately to mitigate this significant risk.
Vulnerability
This vulnerability is a remote code execution (RCE) flaw that exists due to improper input validation within the Postgres database driver. An unauthenticated remote attacker can exploit this by sending a specially crafted request to the iceScrum application. The application, in turn, passes this malicious data to the vulnerable driver, which fails to sanitize it, leading to code execution with the privileges of the application's service account on the underlying server.
Business impact
This vulnerability is classified as High severity with a CVSS score of 8.8. Successful exploitation could result in a complete compromise of the affected server, granting an attacker full control. The potential consequences include unauthorized access to and exfiltration of sensitive project data, intellectual property, and customer information (loss of confidentiality); modification or deletion of critical data (loss of integrity); and complete service unavailability (loss of availability). This could lead to significant financial loss, reputational damage, and regulatory penalties.
Remediation
Immediate Action: Apply the security patches provided by the vendor to all affected systems immediately, prioritizing internet-facing instances of iceScrum v7. After patching, it is crucial to review application and system access logs for any signs of compromise or unusual activity that occurred before the patch was applied.
Proactive Monitoring: Implement enhanced monitoring to detect potential exploitation attempts. Security teams should look for:
- Anomalous or malformed queries in application and database logs.
- Unexpected processes being spawned by the iceScrum application server process.
- Unusual outbound network connections originating from the application server, which could indicate a reverse shell or data exfiltration.
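The three monitoring bullets above map directly onto three simple detection rules. The following script is an added example, not part of the advisory and not vendor code: it scans constructed process-creation, network and query log lines and flags (1) child processes spawned by the iceScrum Java process that are not on an expected list, (2) outbound connections from the service account to destinations outside an egress allowlist, and (3) queries that are oversized or contain non-printable bytes. The key=value log format, the service-account name `icescrum`, the allowlists and every sample line are assumptions made for illustration; tune them to the real deployment.

```python
"""Detection sketch for the three monitoring bullets (added example, not from the advisory)."""
import os
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Hypothetical log format: one event per line, space-separated key=value fields,
# values may be double-quoted when they contain spaces.
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

SERVICE_ACCOUNT = "icescrum"                      # assumed name of the app's service account
EXPECTED_CHILDREN = {"java", "jspawnhelper"}      # children a JVM app server normally spawns (assumption)
ALLOWED_EGRESS = {("10.0.0.5", 5432),             # the application's own database host (constructed)
                  ("10.0.0.20", 443)}             # internal package mirror (constructed)
MAX_QUERY_LEN = 2000                              # heuristic size ceiling for a normal application query


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def parse(line: str) -> dict:
    """Split one key=value log line into a dict; quoted values keep their spaces."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def check_event(ev: dict) -> Optional[Finding]:
    """Apply the three rules to a single parsed event; None means nothing suspicious."""
    if ev.get("user") != SERVICE_ACCOUNT:
        return None
    kind = ev.get("type")
    if kind == "proc":
        # Rule 1: the Java server process spawning something other than its usual helpers.
        exe = os.path.basename(ev.get("exe", ""))
        if ev.get("parent") == "java" and exe not in EXPECTED_CHILDREN:
            return Finding("unexpected_child_process", f"java spawned {ev.get('exe')}")
    elif kind == "net":
        # Rule 2: outbound connection to a destination not on the egress allowlist.
        dst = (ev.get("dst"), int(ev.get("dport", 0)))
        if dst not in ALLOWED_EGRESS:
            return Finding("unexpected_egress", f"outbound to {dst[0]}:{dst[1]}")
    elif kind == "query":
        # Rule 3: malformed query, here approximated as oversized or containing non-printable bytes.
        text = ev.get("text", "")
        if len(text) > MAX_QUERY_LEN or any(not c.isprintable() for c in text):
            return Finding("malformed_query", f"{len(text)}-char query with non-printable bytes")
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run check_event over every non-empty line and collect the findings in order."""
    findings: List[Finding] = []
    for line in lines:
        if not line.strip():
            continue
        finding = check_event(parse(line))
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample log: one benign and one suspicious event per rule.
SAMPLE_LOG = """\
type=proc user=icescrum parent=java exe=/usr/bin/jspawnhelper
type=proc user=icescrum parent=java exe=/bin/sh
type=net user=icescrum dst=10.0.0.5 dport=5432
type=net user=icescrum dst=203.0.113.9 dport=4444
type=query user=icescrum text="SELECT id FROM story WHERE sprint_id = 12"
type=query user=icescrum text="SELECT \x00\x01 FROM story"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.rule}: {f.detail}")
```

Each rule is deliberately narrow so that a hit is actionable: a shell spawned by the JVM, a connection to an unlisted host, or a query carrying bytes no ORM would emit. In production, feed it auditd, EDR or database audit events instead of the constructed lines, and keep the allowlists under change control so that tuning them is itself logged.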
Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce the risk of exploitation:
- Place a Web Application Firewall (WAF) in front of the application to inspect and block malicious requests that match known attack patterns.
- Restrict network access to the iceScrum application server and its database to only trusted IP addresses.
- Enforce egress filtering to block unexpected outbound connections from the server, preventing command-and-control communication.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the critical risk of remote code execution (CVSS 8.8), this vulnerability requires immediate attention. We strongly recommend that all organizations apply the necessary security patches to affected systems without delay, starting with those exposed to the internet. Although this CVE is not currently listed on the CISA KEV list, its high impact warrants treating it with the highest priority to prevent potential system compromise and data breaches.