- Description
- FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution if the Apache web server is used. This issue has been patched in version 1.8.179.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-434
- Hype score
- Not currently trending
🚨 #CyberAlert: High-risk CVE-2025-48471 in FreeScout! Prior to v1.8.179, insufficient file checks allow .phtml & .phar uploads leading to remote code execution on Apache servers. 🚀 Update now to stay secure! 🔒🔧 #Infosec #PatchNow #FreeScout #RCE
@SecAideInfo
1 Jun 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-48471 🔴 HIGH (7) 🏢 freescout-help-desk - freescout 🏗️ < 1.8.179 🔗 https://t.co/uanEWbDBEo 🔗 https://t.co/6PCptsb2KL #CyberCron #VulnAlert #InfoSec https://t.co/LKDLz6op3f
@cybercronai
30 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48471 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uplo… https://t.co/B6CtnhqbjD
@CVEnew
29 May 2025
249 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes