Businesses use FreeScout to provide customer support by email
PT SWARM experts Artyom Danilov, Roman Cheremnykh, and Daniil Satyaev¹ discovered 22 vulnerabilities in FreeScout modules. FreeScout is an open-source helpdesk platform and shared mailbox. By exploiting the security flaws, an attacker could steal credentials and pivot deeper into the organization's network. The vendor was notified of the vulnerabilities under a responsible disclosure policy and released an update.
¹ At the time the vulnerabilities were discovered, in 2025.
The vulnerabilities PT-2025-47937 and PT-2025-42833—PT-2025-42853² (BDU:2025-12427, BDU:2025-13045—BDU:2025-13065) were assigned CVSS 4.0 scores ranging from 5.3 to 8.7 out of 10. The flaws were found in official FreeScout modules that customers purchase separately, including the Saved Replies Module, Live Chat Module, and Auto Login Module. These modules provide canned responses, live chat on websites, and automatic login to FreeScout from email, respectively.
² The vulnerabilities are registered on the dbugs portal, which aggregates data on vulnerabilities in software and hardware from vendors around the world.
Exploitation required only a FreeScout account, which an attacker could obtain by brute-forcing passwords. The discovered security flaws exposed customer personal data and employee credentials, enabled redirects to phishing pages, and allowed attackers to move laterally within the network.
FreeScout is a popular help desk platform. As of September 2025, it had 3,800 GitHub stars and roughly 600 repository forks. Because the vulnerabilities affect separately installed FreeScout modules, the total damage is hard to estimate. However, threat intelligence from Positive Technologies suggests that at least 10,000 devices running FreeScout worldwide may be vulnerable. Most of these devices are located in the U.S. and Germany (24% each), followed by Russia (7%), France (5%), and the UK (5%).
Figure: Distribution of vulnerable FreeScout systems by country
Users should promptly update FreeScout to version 1.8.186; we additionally recommend updating all vulnerable modules listed by the vendor. If patching is not possible, reset FreeScout employee passwords to stronger ones, and make sure that only administrators can add new users to the application.
"The most dangerous vulnerability we found, PT-2025-42842, stemmed from insecure deserialization³. If an attacker with the application's unique key sent a malicious payload to the FreeScout server, it would be processed without proper validation, allowing remote execution of malicious code. Ultimately, the attacker could obtain customer data, disrupt business processes, and attack other company servers."
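To make the quoted failure mode concrete, the following PHP snippet is an added example; it is not FreeScout's code and not from Positive Technologies. It contrasts the unsafe pattern behind insecure deserialization (calling `unserialize()` on bytes that arrived over the network, so any loaded class can be instantiated and its magic methods run on attacker-chosen data) with a decoder that authenticates the payload under the application key and parses it as JSON, which never instantiates objects. Because the quote notes that the attacker may hold the application key, the hardened decoder does not rely on the key alone: even a correctly authenticated payload is plain data. The function names, envelope format, placeholder key and sample values are assumptions made for the example; it targets PHP 8.

```php
<?php
declare(strict_types=1);

// Added example (not FreeScout's code). Function names, envelope layout and the
// application key below are assumptions for illustration.

/**
 * UNSAFE: native PHP deserialization of network input. Every class the application
 * has loaded becomes instantiable by the sender, and __wakeup/__destruct/__toString
 * run on data the sender controls. This is the pattern to look for in code review.
 */
function decodePayloadUnsafe(string $raw): mixed
{
    $bytes = base64_decode($raw, true);
    return $bytes === false ? null : unserialize($bytes);
}

/**
 * HARDENED: the envelope is JSON {"data": <json string>, "mac": <hex>}. The MAC is
 * checked in constant time under the application key before anything is parsed, and
 * the inner payload is JSON, so decoding can only yield arrays and scalars.
 */
function decodePayloadSafe(string $raw, string $appKey): ?array
{
    $decoded = base64_decode($raw, true);
    if ($decoded === false) {
        return null;
    }
    $envelope = json_decode($decoded, true);
    if (!is_array($envelope) || !isset($envelope['data'], $envelope['mac'])
        || !is_string($envelope['data']) || !is_string($envelope['mac'])) {
        return null;
    }
    $expected = hash_hmac('sha256', $envelope['data'], $appKey);
    if (!hash_equals($expected, $envelope['mac'])) {
        return null; // authentication failed: do not parse untrusted bytes at all
    }
    $data = json_decode($envelope['data'], true, 16, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : null;
}

/** What the legitimate sender runs to produce an envelope the safe decoder accepts. */
function encodePayload(array $data, string $appKey): string
{
    $json = json_encode($data, JSON_THROW_ON_ERROR);
    $mac = hash_hmac('sha256', $json, $appKey);
    return base64_encode(json_encode(['data' => $json, 'mac' => $mac], JSON_THROW_ON_ERROR));
}

// --- demonstration with constructed values ---
$appKey = 'example-app-key-not-real'; // placeholder, constructed for the example
$good = encodePayload(['user_id' => 42, 'action' => 'auto_login'], $appKey);
var_dump(decodePayloadSafe($good, $appKey)); // array(user_id => 42, action => auto_login)

// Altering the data while keeping the old MAC (e.g. a different user id) fails verification.
$envelope = json_decode(base64_decode($good, true), true);
$envelope['data'] = json_encode(['user_id' => 1, 'action' => 'auto_login']);
$forged = base64_encode(json_encode($envelope));
var_dump(decodePayloadSafe($forged, $appKey)); // NULL

// A native-serialized PHP object is refused by the safe decoder (no envelope, no MAC)...
$object = base64_encode('O:8:"stdClass":1:{s:3:"foo";s:3:"bar";}');
var_dump(decodePayloadSafe($object, $appKey)); // NULL
// ...while the unsafe decoder instantiates it without question.
var_dump(decodePayloadUnsafe($object)); // object(stdClass) with foo => bar
```

If replacing native serialization is not immediately possible, `unserialize($bytes, ['allowed_classes' => false])` (PHP 7.0 and later) turns any object in the input into `__PHP_Incomplete_Class` so that no application class's magic methods execute; it is a stopgap rather than a substitute for moving to a data-only format.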
This is not the first time Positive Technologies has helped strengthen FreeScout's security. Earlier this year, Artyom Danilov, Roman Cheremnykh, Daniil Satyaev, Artyom Deykov, Ilya Tsaturov, and Stanislav Gleim discovered the following vulnerabilities in FreeScout versions earlier than 1.8.181: PT-2025-23148, PT-2025-23171—PT-2025-23174, PT-2025-23177—PT-2025-23179, PT-2025-23242—PT-2025-23250, PT-2025-23255—PT-2025-23258, and PT-2025-23263—PT-2025-23265. These vulnerabilities can facilitate exploitation of the 22 newly discovered issues, so users who have not installed the fixes from release 1.8.182 are at particular risk.
To detect vulnerabilities during development, we recommend using static code analysis tools such as PT Application Inspector. Advanced NTA and NDR solutions like PT Network Attack Discovery (PT NAD) detect exploitation attempts, while NGFW solutions such as PT NGFW block them. Positive Technologies also recommends blocking exploitation attempts with web application firewalls such as PT Application Firewall (also available as a cloud version, PT Cloud Application Firewall).
For up-to-date security information, visit the dbugs portal, which aggregates vulnerability data and vendor recommendations for software and hardware from vendors around the world.
³ Deserialization is the process of reconstructing an object from a series of bytes.