cvelistv5 - cve-2025-54366

CVE-2025-54366 (GCVE-0-2025-54366)

Vulnerability from cvelistv5 – Published: 2025-07-26 03:35 – Updated: 2025-07-28 15:00

Title

FreeScout's deserialization of untrusted data leads to Remote Code Execution

Summary

FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APP_KEY to achieve remote code execution. The vulnerability occurs when the application processes the attachments_all and attachments POST parameters through the insecure Helper::decrypt() function, which performs unsafe deserialization of user-controlled data without proper validation. This flaw enables attackers to create arbitrary objects and manipulate their properties, leading to complete compromise of the web application. This is fixed in version 1.8.186.

Severity ?

8.6 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-502 - Deserialization of Untrusted Data

Assigner

GitHub_M

References

URL

Tags

	https://github.com/freescout-help-desk/freescout/…	x_refsource_CONFIRM
	https://github.com/freescout-help-desk/freescout/…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	freescout-help-desk	freescout	Affected: < 1.8.186

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54366",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T14:59:56.421447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T15:00:13.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "freescout",
          "vendor": "freescout-help-desk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.8.186"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APP_KEY to achieve remote code execution. The vulnerability occurs when the application processes the attachments_all and attachments POST parameters through the insecure Helper::decrypt() function, which performs unsafe deserialization of user-controlled data without proper validation. This flaw enables attackers to create arbitrary objects and manipulate their properties, leading to complete compromise of the web application. This is fixed in version 1.8.186."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-26T03:35:17.444Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj"
        },
        {
          "name": "https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9"
        }
      ],
      "source": {
        "advisory": "GHSA-vcc2-6r66-gvvj",
        "discovery": "UNKNOWN"
      },
      "title": "FreeScout\u0027s deserialization of untrusted data leads to Remote Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54366",
    "datePublished": "2025-07-26T03:35:17.444Z",
    "dateReserved": "2025-07-21T16:12:20.732Z",
    "dateUpdated": "2025-07-28T15:00:13.862Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54366\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-26T04:16:04.857\",\"lastModified\":\"2025-09-11T15:54:46.540\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APP_KEY to achieve remote code execution. The vulnerability occurs when the application processes the attachments_all and attachments POST parameters through the insecure Helper::decrypt() function, which performs unsafe deserialization of user-controlled data without proper validation. This flaw enables attackers to create arbitrary objects and manipulate their properties, leading to complete compromise of the web application. This is fixed in version 1.8.186.\"},{\"lang\":\"es\",\"value\":\"FreeScout es un servicio de asistencia y bandeja de entrada compartida, ligero, gratuito y de c\u00f3digo abierto, desarrollado con PHP (Laravel framework). En las versiones 1.8.185 y anteriores, existe una vulnerabilidad cr\u00edtica de deserializaci\u00f3n en el endpoint /conversation/ajax que permite a los usuarios autenticados con conocimiento de APP_KEY ejecutar c\u00f3digo remoto. La vulnerabilidad ocurre cuando la aplicaci\u00f3n procesa los par\u00e1metros POST attachments_all y attachments mediante la funci\u00f3n insegura Helper::decrypt(), que realiza una deserializaci\u00f3n insegura de datos controlados por el usuario sin la validaci\u00f3n adecuada. Esta falla permite a los atacantes crear objetos arbitrarios y manipular sus propiedades, lo que compromete por completo la aplicaci\u00f3n web. Esto se corrigi\u00f3 en la versi\u00f3n 1.8.186.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.8.86\",\"matchCriteriaId\":\"11FCD8A6-16E4-4335-BAEA-4328A5DFD57D\"}]}]}],\"references\":[{\"url\":\"https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54366\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-28T14:59:56.421447Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-28T15:00:08.443Z\"}}], \"cna\": {\"title\": \"FreeScout\u0027s deserialization of untrusted data leads to Remote Code Execution\", \"source\": {\"advisory\": \"GHSA-vcc2-6r66-gvvj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"freescout-help-desk\", \"product\": \"freescout\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.8.186\"}]}], \"references\": [{\"url\": \"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj\", \"name\": \"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9\", \"name\": \"https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APP_KEY to achieve remote code execution. The vulnerability occurs when the application processes the attachments_all and attachments POST parameters through the insecure Helper::decrypt() function, which performs unsafe deserialization of user-controlled data without proper validation. This flaw enables attackers to create arbitrary objects and manipulate their properties, leading to complete compromise of the web application. This is fixed in version 1.8.186.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502: Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-26T03:35:17.444Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54366\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-28T15:00:13.862Z\", \"dateReserved\": \"2025-07-21T16:12:20.732Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-26T03:35:17.444Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2025-54366

Vulnerability from fkie_nvd - Published: 2025-07-26 04:16 - Updated: 2025-09-11 15:54

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9	Patch
	security-advisories@github.com	https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	freescout	freescout	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freescout:freescout:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11FCD8A6-16E4-4335-BAEA-4328A5DFD57D",
              "versionEndExcluding": "1.8.86",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /conversation/ajax endpoint that allows authenticated users with knowledge of the APP_KEY to achieve remote code execution. The vulnerability occurs when the application processes the attachments_all and attachments POST parameters through the insecure Helper::decrypt() function, which performs unsafe deserialization of user-controlled data without proper validation. This flaw enables attackers to create arbitrary objects and manipulate their properties, leading to complete compromise of the web application. This is fixed in version 1.8.186."
    },
    {
      "lang": "es",
      "value": "FreeScout es un servicio de asistencia y bandeja de entrada compartida, ligero, gratuito y de c\u00f3digo abierto, desarrollado con PHP (Laravel framework). En las versiones 1.8.185 y anteriores, existe una vulnerabilidad cr\u00edtica de deserializaci\u00f3n en el endpoint /conversation/ajax que permite a los usuarios autenticados con conocimiento de APP_KEY ejecutar c\u00f3digo remoto. La vulnerabilidad ocurre cuando la aplicaci\u00f3n procesa los par\u00e1metros POST attachments_all y attachments mediante la funci\u00f3n insegura Helper::decrypt(), que realiza una deserializaci\u00f3n insegura de datos controlados por el usuario sin la validaci\u00f3n adecuada. Esta falla permite a los atacantes crear objetos arbitrarios y manipular sus propiedades, lo que compromete por completo la aplicaci\u00f3n web. Esto se corrigi\u00f3 en la versi\u00f3n 1.8.186."
    }
  ],
  "id": "CVE-2025-54366",
  "lastModified": "2025-09-11T15:54:46.540",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-26T04:16:04.857",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

CNVD-2025-21029

Vulnerability from cnvd - Published: 2025-09-11

Title

Freescout Helper::decrypt()函数反序列化漏洞

Description

FreeScout是一款基于PHP Laravel框架构建的开源帮助台系统，旨在为用户提供类似Zendesk或Help Scout的功能，但无需牺牲隐私或自由度。 Freescout存在反序列化漏洞，该漏洞源于应用程序通过不安全的Helper::decrypt()函数处理attachments_all和attachments参数时，未对用户可控数据实施有效验证便执行危险的反序列化操作。攻击者可利用该漏洞通过构造恶意序列化数据实现任意对象创建及属性操控，最终导致Web应用完全被控制。

Severity

高

Patch Name

Freescout Helper::decrypt()函数反序列化漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://github.com/freescout-help-desk/freescout/releases

Reference

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj https://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9

Impacted products

Name
Freescout Freescout <=1.8.185

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-54366",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-54366"
    }
  },
  "description": "FreeScout\u662f\u4e00\u6b3e\u57fa\u4e8ePHP Laravel\u6846\u67b6\u6784\u5efa\u7684\u5f00\u6e90\u5e2e\u52a9\u53f0\u7cfb\u7edf\uff0c\u65e8\u5728\u4e3a\u7528\u6237\u63d0\u4f9b\u7c7b\u4f3cZendesk\u6216Help Scout\u7684\u529f\u80fd\uff0c\u4f46\u65e0\u9700\u727a\u7272\u9690\u79c1\u6216\u81ea\u7531\u5ea6\u3002\n\nFreescout\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u4e0d\u5b89\u5168\u7684Helper::decrypt()\u51fd\u6570\u5904\u7406attachments_all\u548cattachments\u53c2\u6570\u65f6\uff0c\u672a\u5bf9\u7528\u6237\u53ef\u63a7\u6570\u636e\u5b9e\u65bd\u6709\u6548\u9a8c\u8bc1\u4fbf\u6267\u884c\u5371\u9669\u7684\u53cd\u5e8f\u5217\u5316\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6784\u9020\u6076\u610f\u5e8f\u5217\u5316\u6570\u636e\u5b9e\u73b0\u4efb\u610f\u5bf9\u8c61\u521b\u5efa\u53ca\u5c5e\u6027\u64cd\u63a7\uff0c\u6700\u7ec8\u5bfc\u81f4Web\u5e94\u7528\u5b8c\u5168\u88ab\u63a7\u5236\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://github.com/freescout-help-desk/freescout/releases",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-21029",
  "openTime": "2025-09-11",
  "patchDescription": "FreeScout\u662f\u4e00\u6b3e\u57fa\u4e8ePHP Laravel\u6846\u67b6\u6784\u5efa\u7684\u5f00\u6e90\u5e2e\u52a9\u53f0\u7cfb\u7edf\uff0c\u65e8\u5728\u4e3a\u7528\u6237\u63d0\u4f9b\u7c7b\u4f3cZendesk\u6216Help Scout\u7684\u529f\u80fd\uff0c\u4f46\u65e0\u9700\u727a\u7272\u9690\u79c1\u6216\u81ea\u7531\u5ea6\u3002\r\n\r\nFreescout\u5b58\u5728\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u901a\u8fc7\u4e0d\u5b89\u5168\u7684Helper::decrypt()\u51fd\u6570\u5904\u7406attachments_all\u548cattachments\u53c2\u6570\u65f6\uff0c\u672a\u5bf9\u7528\u6237\u53ef\u63a7\u6570\u636e\u5b9e\u65bd\u6709\u6548\u9a8c\u8bc1\u4fbf\u6267\u884c\u5371\u9669\u7684\u53cd\u5e8f\u5217\u5316\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u6784\u9020\u6076\u610f\u5e8f\u5217\u5316\u6570\u636e\u5b9e\u73b0\u4efb\u610f\u5bf9\u8c61\u521b\u5efa\u53ca\u5c5e\u6027\u64cd\u63a7\uff0c\u6700\u7ec8\u5bfc\u81f4Web\u5e94\u7528\u5b8c\u5168\u88ab\u63a7\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Freescout Helper::decrypt()\u51fd\u6570\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Freescout Freescout \u003c=1.8.185"
  },
  "referenceLink": "https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-vcc2-6r66-gvvj\r\nhttps://github.com/freescout-help-desk/freescout/commit/9669c57f1ddbee896752d9e16270abfd97b20eb9",
  "serverity": "\u9ad8",
  "submitTime": "2025-07-28",
  "title": "Freescout Helper::decrypt()\u51fd\u6570\u53cd\u5e8f\u5217\u5316\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54366 (GCVE-0-2025-54366)

FKIE_CVE-2025-54366

CNVD-2025-21029

Tags

Sightings

Nomenclature