3 matches found
CVE-2025-54366
FreeScout is a lightweight free open source help desk and shared inbox built with PHP Laravel framework. In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APPKEY to achieve remo...
CVE-2025-54366 FreeScout's deserialization of untrusted data leads to Remote Code Execution
FreeScout is a lightweight free open source help desk and shared inbox built with PHP Laravel framework. In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APPKEY to achieve remo...
CVE-2025-54366
Summary: FreeScout prior to v1.8.186 is affected by a deserialization vulnerability in the /conversation/ajax endpoint. The issue arises when processing attachments_all and attachments via the insecure Helper::decrypt() function, which deserializes user-controlled data without proper validation. ...