FreeScout Remote Code Execution Vulnerability Due to Arbitrary File Upload

Vulnerability

A vulnerability in FreeScout prior to version 1.8.179 allows arbitrary file uploads with the phtml and phar extensions. The issue arises from insufficient validation of uploaded files and enables remote code execution on servers running Apache. The vulnerability affects versions 1.8.173 and 1.8.174.

Impact

Exploitation of this vulnerability could lead to remote code execution on the server.

Remediation

Users can update to FreeScout version 1.8.179 or later to address this vulnerability.
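
The following is an added example, not FreeScout's code: it contrasts a deny-list that lets phtml and phar through with an allow-list check, and audits an attachment directory for files Apache would hand to PHP. The handler pattern (the one in Debian/Ubuntu's packaged mod_php configuration), the allow-list and the sample directory tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumption: the server hands these extensions to PHP (Debian/Ubuntu mod_php
# FilesMatch pattern). Case-insensitive here to err on the side of flagging.
PHP_HANDLER = re.compile(r".+\.ph(ar|p|tml)$", re.IGNORECASE)

# Hypothetical allow-list of attachment types; adjust to what the help desk needs.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt", "csv"}


def denylist_accepts(filename):
    """Constructed 'insufficient validation': only .php is refused."""
    return not filename.lower().endswith(".php")


def allowlist_accepts(filename):
    """Accept only when the final extension is explicitly allowed."""
    name = os.path.basename(filename).rstrip(". ")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return ext in ALLOWED_EXTENSIONS and not PHP_HANDLER.match(name)


def audit_upload_dir(root):
    """Return relative paths under root that the PHP handler would execute."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if PHP_HANDLER.match(f):
                hits.append(os.path.relpath(os.path.join(dirpath, f), root))
    return sorted(hits)


def build_sample_tree():
    # Constructed attachment tree used only for the demo below.
    root = tempfile.mkdtemp(prefix="attachments-")
    for rel in ("1/report.pdf", "2/avatar.phtml", "2/logo.png", "3/bundle.PHAR"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    for name in ("report.pdf", "avatar.phtml", "bundle.phar", "index.php"):
        print(name, denylist_accepts(name), allowlist_accepts(name))
    print(audit_upload_dir(build_sample_tree()))
```

Point `audit_upload_dir` at the directory where attachments are stored to review files that were uploaded before the update was applied.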

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Spread: 2.2
Impact: 7.5
Exploitability: 5.6
Remediation: 7.7
Relevance: 0.0
Threat: 3.3
Urgency: 2.9
Incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.