Error type:
CWE-502:Deserialization of Untrusted Data
Vulnerability vector:
- Base vulnerability score (CVSSv4.0): CVSS:4.0/ AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
- Severity (CVSSv4.0): 7.0 (High)
Description:
The vulnerability was identified in FreeScout, version 1.8.182.
The discovered vulnerability allows an attacker to deserialize data, gain control over application objects and cause malfunction.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 19.07.2025
Recommendations:
- Update to version 1.8.186 or higher
Additional information: Security advisory, Press release
Researcher: Daniil Satyaev, Roman Cheremnykh, Artem Danilov (Positive Technologies)
Identifiers:
BDU:2025-13047
Vendor:
FreeScout
Vulnerable product:
FreeScout
Vulnerable versions:
1.8.182