- Description
- FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. A string containing a serialized object can be passed through the set function; when the option is later read through the get method, it is deserialized, which allows arbitrary code execution. This issue has been patched in version 1.8.178.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-502
🚨 CVE-2025-48389 🔴 HIGH (8.6) 🏢 freescout-help-desk - freescout 🏗️ < 1.8.178 🔗 https://t.co/S3whDL49fe 🔗 https://t.co/8pkPK2mIfF #CyberCron #VulnAlert #InfoSec https://t.co/TJBwvKe6iN
@cybercronai
30 May 2025
CVE-2025-48389 Deserialization Vulnerability in FreeScout Before 1.8.178 Enabling Arbitrary Code Execution https://t.co/weIy8JKv8J
@VulmonFeeds
29 May 2025
[CVE-2025-48389: HIGH] Attention FreeScout users! Update to version 1.8.178 now to patch a critical vulnerability allowing arbitrary code execution through deserialization of untrusted data. #cybersecurity#cve,CVE-2025-48389,#cybersecurity https://t.co/luEVs659dt https://t.co/WhA
@CveFindCom
29 May 2025
CVE-2025-48389 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficie… https://t.co/r9tyBGactK
@CVEnew
29 May 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E0D2641-4473-4694-A5CA-F58375E5B731",
            "versionEndExcluding": "1.8.178"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]