Error type:
CWE-502: Deserialization of Untrusted Data
Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
- Severity (CVSSv4.0): 8.6 (High)
Description:
The vulnerability was identified in FreeScout, version 1.8.182.
The discovered vulnerability allows an attacker to deserialize arbitrary objects and fully control their properties, leading to total compromise of the web‑application logic and remote code execution (RCE).
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 19.07.2025
Recommendations:
- Update to version 1.8.186 or higher
Additional information: Security advisory, Press release
Researchers: Daniil Satyaev, Roman Cheremnykh, Artem Danilov (Positive Technologies)
Identifiers:
CVE-2025-58163
BDU:2025-13045
Vendor:
FreeScout
Vulnerable product:
FreeScout
Vulnerable versions:
1.8.182