{"id":8999,"date":"2025-07-25T23:44:18","date_gmt":"2025-07-25T23:44:18","guid":{"rendered":"http:\/\/localhost\/?p=8999"},"modified":"2025-07-25T23:44:18","modified_gmt":"2025-07-25T23:44:18","slug":"freescouts-deserialization-of-untrusted-data-leads-to-remote-code-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=8999","title":{"rendered":"FreeScout’s deserialization of untrusted data leads to Remote Code Execution"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nFreeScout’s deserialization of untrusted data leads to Remote Code Execution<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-26T03:35:17.444Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-26T03:35:17.444Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nfreescout-help-desk<\/td>\n<\/tr>\n
Product<\/th>\nfreescout<\/td>\n<\/tr>\n
Version<\/th>\n< 1.8.186<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n8.6 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:H\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical deserialization vulnerability in FreeScout’s \/conversation\/ajax endpoint allows remote code execution for authenticated users with the APP_KEY, enabling full web application compromise.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
AI Vendor<\/th>\nFreeScout Community<\/td>\n<\/tr>\n
AI Product<\/th>\nFreeScout<\/td>\n<\/tr>\n
AI Version<\/th>\n1.8.185<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n