
CVE-2025-60785: n/a

Severity: High
Published: Mon Nov 03 2025 (11/03/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page.

AI-Powered Analysis

Last updated: 11/11/2025, 01:46:17 UTC

Technical Analysis

CVE-2025-60785 is a remote code execution (RCE) vulnerability identified in the Postgres Drivers component of iceScrum v7.54 Pro On-prem, a project management tool widely used for agile software development. The vulnerability arises from improper handling of input within the Postgres Drivers, allowing an attacker to execute arbitrary code on the host system by delivering a specially crafted HTML page. This attack vector requires no prior authentication but does require the victim to interact with the malicious content, typically by visiting a malicious or compromised webpage. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code, i.e. code injection). The CVSS v3.1 base score is 8.8, reflecting high severity: network attack vector, low attack complexity and no privileges required, offset only by the need for user interaction.

The impact includes full compromise of confidentiality, integrity, and availability of the affected system, since arbitrary code execution can lead to data theft, system manipulation, or denial of service. No patches or fixes had been published at the time of disclosure, and no exploits have been observed in the wild, though the potential for exploitation remains significant given the nature of the vulnerability. Organizations running iceScrum Pro On-prem with the Postgres Drivers component should treat this as a critical risk and prepare for rapid patch deployment once a fix is available.

Potential Impact

For European organizations, the impact of CVE-2025-60785 is substantial. iceScrum is popular among software development teams for agile project management, and many enterprises rely on its on-premises Pro version integrated with Postgres databases. Successful exploitation could lead to complete system compromise, exposing sensitive project data, intellectual property, and potentially enabling lateral movement within corporate networks. This could disrupt development workflows, cause data breaches, and lead to regulatory non-compliance under GDPR due to unauthorized data access. The requirement for user interaction means phishing or social engineering campaigns could be used to trigger the exploit, increasing risk in organizations with less mature security awareness. The lack of an available patch increases exposure time, necessitating immediate defensive measures. The vulnerability could also be leveraged to deploy ransomware or other malware, amplifying operational and financial damage.

Mitigation Recommendations

1. Immediately restrict external access to iceScrum Pro On-prem instances, especially those using the Postgres Drivers component, by implementing network segmentation and firewall rules that limit inbound traffic to trusted sources.
2. Educate users about the risk of interacting with untrusted HTML content and implement robust phishing awareness training to reduce the likelihood of user interaction with malicious pages.
3. Employ web filtering and URL reputation services to block access to known malicious or suspicious websites that could host the crafted HTML exploit.
4. Monitor network and host logs for unusual activity indicative of exploitation attempts, such as unexpected code execution or anomalous database queries.
5. Prepare for rapid deployment of patches or updates once released by the iceScrum vendor; maintain close communication with vendor advisories.
6. Consider deploying application-layer protections such as Web Application Firewalls (WAFs) configured to detect and block exploit attempts targeting the Postgres Drivers component.
7. Conduct regular security assessments and penetration tests focusing on the iceScrum environment to identify and remediate potential weaknesses.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-09-26T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6908d4e3bdcf00867c5ae6dd

Added to database: 11/3/2025, 4:14:27 PM

Last enriched: 11/11/2025, 1:46:17 AM

Last updated: 12/16/2025, 10:59:06 PM

Views: 60
