CVE-2025-48389

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-48389
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the set function, a string with a serialized object can be passed, and when getting an option through the get method, deserialization will occur, which will allow arbitrary code execution This issue has been patched in version 1.8.178.
CVSS

No CVSS.

References
Link Resource
https://github.com/freescout-help-desk/freescout/commit/f7548a7076a0b6e109001069d6be223fbd96c61e
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-jmpv-8q3h-2m8v
Configurations

No configuration.

History

30 May 2025, 16:31

Type Values Removed Values Added
Summary
  • (es) FreeScout es un servicio de asistencia gratuito y autoalojado, con buzón compartido. Antes de la versión 1.8.178, FreeScout era vulnerable a la deserialización de datos no confiables debido a una validación insuficiente. Mediante la función "set", se puede pasar una cadena con un objeto serializado, y al obtener una opción mediante el método "get", se produce la deserialización, lo que permite la ejecución de código arbitrario. Este problema se ha corregido en la versión 1.8.178.

29 May 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-29 16:15

Updated : 2025-05-30 16:31

NVD link : CVE-2025-48389

Mitre link : CVE-2025-48389

CVE.ORG link : CVE-2025-48389

JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data