CVE-2025-54366

FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APP_KEY to achieve remote code execution. The vulnerability occurs when the application processes the attachments_all and attachments POST parameters through the insecure Helper::decrypt() function, which performs unsafe deserialization of user-controlled data without proper validation. This flaw enables attackers to create arbitrary objects and manipulate their properties, leading to complete compromise of the web application. This is fixed in version 1.8.186.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9	Patch
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*

History

11 Sep 2025, 15:54

Type	Values Removed	Values Added
CPE		cpe:2.3:a:freescout:freescout::::::::
References	~~() https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9 -~~	() https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9 - Patch
References	~~() https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj -~~	() https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj - Exploit, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Freescout Freescout freescout

29 Jul 2025, 14:14

Type	Values Removed	Values Added
Summary		(es) FreeScout es un servicio de asistencia y bandeja de entrada compartida, ligero, gratuito y de código abierto, desarrollado con PHP (Laravel framework). En las versiones 1.8.185 y anteriores, existe una vulnerabilidad crítica de deserialización en el endpoint /conversation/ajax que permite a los usuarios autenticados con conocimiento de APP_KEY ejecutar código remoto. La vulnerabilidad ocurre cuando la aplicación procesa los parámetros POST attachments_all y attachments mediante la función insegura Helper::decrypt(), que realiza una deserialización insegura de datos controlados por el usuario sin la validación adecuada. Esta falla permite a los atacantes crear objetos arbitrarios y manipular sus propiedades, lo que compromete por completo la aplicación web. Esto se corrigió en la versión 1.8.186.

26 Jul 2025, 04:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-26 04:16

Updated : 2025-09-11 15:54

NVD link : CVE-2025-54366

Mitre link : CVE-2025-54366

CVE.ORG link : CVE-2025-54366

JSON object : View

Products Affected

freescout

freescout

CWE

CWE-502

Deserialization of Untrusted Data

8.8 /10