Error type:
CWE‑362:Concurrent Execution Using Shared Resource with Improper Synchronization
Vulnerability vector:
Base vulnerability score (CVSSv4.0): CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Severity (CVSSv4.0): 5.1 (Medium)
Description:
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174.
The discovered vulnerability allows an attacker to influence the order of execution in multithreaded code because of improper synchronization, leading to unintended actions.
Vulnerability status: Confirmed by vendor
Date of vulnerability remediation: 27.05.2025
Recommendations:
Update to version 1.8.181 or higher
Additional information: Security advisory
Researcher: Ilya Tsaturov, Daniil Satyaev, Roman Cheremnykh, Artem Deikov, Artem Danilov, Stanislav Gleym (Positive Technologies)
Identifiers:
CVE-2025-48880
BDU:2025-06967
Vendor:
FreeScout
Vulnerable product:
FreeScout
Vulnerable versions:
v.1.8.173 and 1.8.174