CVE-2025-58163

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-58163
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58163.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-58163
Aliases
  • GHSA-j94w-q9gj-c37g
Published
2025-09-03T02:15:37Z
Modified
2025-09-09T06:59:40.166989Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APP_KEY to achieve remote code execution. The vulnerability is exploited via endpoint, e.g.: /help/{mailbox_id}/auth/{customer_id}/{hash}/{timestamp} where the customer_id and timestamp parameters are processed through the decrypt function in app/Helper.php without proper validation. The code decrypts using Laravel's built-in encryption functions, which subsequently deserialize the decrypted payload without sanitization, allowing attackers to craft malicious serialized PHP objects using classes to trigger arbitrary command execution. This is fixed in version 1.8.186.

References

Affected packages

Git / github.com/freescout-help-desk/freescout

Affected ranges

Type
GIT
Repo
https://github.com/freescout-help-desk/freescout
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
53f6100f2c659763370a24fe7c2e81fc9a50d96d
Fixed
e2de65f3f32f825b4ec5558643ed81438c9a6bc6

Affected versions

1.*

1.0.0
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.1
1.1.10
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.3.0
1.3.1
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.15
1.3.16
1.3.17
1.3.18
1.3.19
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0
1.4.1
1.4.10
1.4.11
1.4.12
1.4.2
1.4.3
1.4.4
1.4.6
1.4.7
1.4.8
1.4.9
1.5.0
1.5.1
1.5.10
1.5.11
1.5.12
1.5.13
1.5.14
1.5.15
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.10
1.6.11
1.6.12
1.6.13
1.6.14
1.6.15
1.6.16
1.6.17
1.6.18
1.6.19
1.6.2
1.6.20
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7.0
1.7.1
1.7.10
1.7.11
1.7.12
1.7.13
1.7.14
1.7.15
1.7.16
1.7.17
1.7.18
1.7.19
1.7.2
1.7.20
1.7.21
1.7.22
1.7.23
1.7.24
1.7.25
1.7.26
1.7.27
1.7.28
1.7.29
1.7.3
1.7.30
1.7.4
1.7.5
1.7.6
1.7.7
1.7.9
1.8.0
1.8.1
1.8.10
1.8.100
1.8.101
1.8.102
1.8.103
1.8.104
1.8.105
1.8.106
1.8.107
1.8.108
1.8.109
1.8.11
1.8.110
1.8.111
1.8.112
1.8.113
1.8.114
1.8.115
1.8.116
1.8.117
1.8.118
1.8.119
1.8.12
1.8.120
1.8.121
1.8.122
1.8.123
1.8.124
1.8.125
1.8.126
1.8.127
1.8.128
1.8.129
1.8.13
1.8.130
1.8.131
1.8.132
1.8.133
1.8.134
1.8.135
1.8.136
1.8.137
1.8.138
1.8.139
1.8.14
1.8.140
1.8.141
1.8.142
1.8.143
1.8.144
1.8.145
1.8.146
1.8.147
1.8.148
1.8.149
1.8.15
1.8.150
1.8.151
1.8.152
1.8.153
1.8.154
1.8.155
1.8.156
1.8.157
1.8.158
1.8.159
1.8.16
1.8.160
1.8.161
1.8.162
1.8.163
1.8.164
1.8.165
1.8.166
1.8.167
1.8.168
1.8.169
1.8.17
1.8.170
1.8.171
1.8.172
1.8.173
1.8.174
1.8.175
1.8.176
1.8.177
1.8.178
1.8.179
1.8.18
1.8.180
1.8.181
1.8.182
1.8.183
1.8.184
1.8.185
1.8.19
1.8.2
1.8.20
1.8.21
1.8.22
1.8.23
1.8.24
1.8.25
1.8.26
1.8.27
1.8.28
1.8.29
1.8.3
1.8.30
1.8.31
1.8.32
1.8.33
1.8.34
1.8.35
1.8.36
1.8.37
1.8.38
1.8.39
1.8.4
1.8.40
1.8.41
1.8.42
1.8.43
1.8.44
1.8.45
1.8.46
1.8.47
1.8.48
1.8.49
1.8.5
1.8.50
1.8.51
1.8.52
1.8.53
1.8.54
1.8.55
1.8.56
1.8.57
1.8.58
1.8.59
1.8.6
1.8.60
1.8.61
1.8.62
1.8.63
1.8.65
1.8.66
1.8.67
1.8.68
1.8.69
1.8.7
1.8.70
1.8.71
1.8.72
1.8.73
1.8.74
1.8.75
1.8.76
1.8.77
1.8.78
1.8.79
1.8.8
1.8.80
1.8.81
1.8.82
1.8.83
1.8.84
1.8.85
1.8.86
1.8.87
1.8.88
1.8.89
1.8.9
1.8.90
1.8.91
1.8.92
1.8.93
1.8.94
1.8.95
1.8.96
1.8.97
1.8.98
1.8.99