{"id":73423,"date":"2025-09-09T11:25:39","date_gmt":"2025-09-09T11:25:39","guid":{"rendered":""},"modified":"2025-10-06T05:35:30","modified_gmt":"2025-10-06T11:35:30","slug":"cve-2025-58163-remote-code-execution-vulnerability-in-freescout-help-desk-software","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-58163-remote-code-execution-vulnerability-in-freescout-help-desk-software\/","title":{"rendered":"<strong>CVE-2025-58163: Remote Code Execution Vulnerability in FreeScout Help Desk Software<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The Common Vulnerabilities and Exposures (CVE) system has identified a significant security vulnerability in FreeScout&#8217;s help desk software. This vulnerability, labeled CVE-2025-58163, enables potential attackers with specific knowledge of the software&#8217;s APP_KEY to execute remote code. This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6076-unsanitized-file-upload-vulnerability-in-partner-software-applications\/\"  data-wpil-monitor-id=\"82118\">vulnerability is particularly severe because FreeScout&#8217;s software<\/a> is widely used, and the exploit can lead to system compromise or data leakage. 
It underscores the necessity of regular patching and <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-53795-vulnerability-in-microsoft-pc-manager-allowing-unauthorized-privilege-elevation\/\"  data-wpil-monitor-id=\"81026\">vulnerability management<\/a> in maintaining secure IT environments.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-58163<br \/>\nSeverity: High (8.8 CVSS score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low (Authenticated Access)<br \/>\nUser Interaction: None<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-22404-potential-system-compromise-due-to-use-after-free-vulnerability\/\"  data-wpil-monitor-id=\"85609\">System compromise<\/a> or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table><thead><tr><th>Product<\/th><th>Affected Versions<\/th><\/tr><\/thead><tbody><tr><td>FreeScout Help Desk Software<\/td><td>Up to and including 1.8.185<\/td><\/tr><\/tbody><\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The exploit leverages a deserialization of untrusted <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-51055-insecure-data-storage-vulnerability-in-vedo-suite-version-2024-17\/\"  data-wpil-monitor-id=\"81582\">data vulnerability<\/a> in the FreeScout software. The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-9712-critical-remote-code-execution-vulnerability-in-ivanti-endpoint-manager\/\"  data-wpil-monitor-id=\"89101\">vulnerable endpoint<\/a> is `\/help\/{mailbox_id}\/auth\/{customer_id}\/{hash}\/{timestamp}`. The `customer_id` and `timestamp` parameters are passed to a decrypt function without sufficient validation. That function relies on Laravel&#8217;s built-in encryption helpers, which unserialize the decrypted payload without restricting the classes it may contain. Because the decrypt step accepts any payload encrypted under the application&#8217;s APP_KEY, an attacker who knows that key can supply a malicious serialized <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-8145-php-object-injection-vulnerability-in-redirection-for-contact-form-7-wordpress-plugin\/\"  data-wpil-monitor-id=\"82031\">PHP object<\/a> whose classes trigger arbitrary command execution when it is unserialized.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>An attacker could exploit this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-25174-critical-php-remote-file-inclusion-vulnerability-in-beeteam368-extensions\/\"  data-wpil-monitor-id=\"81099\">vulnerability by crafting a malicious serialized PHP<\/a> object and inserting it into either the `customer_id` or `timestamp` parameters. In practice, this might look something like the following:<\/p>\n<pre><code class=\"\" data-line=\"\">GET \/help\/abc123\/auth\/O:4:&quot;RCE&quot;:1:{s:10:&quot;command&quot;;s:15:&quot;rm -rf \/&quot;;}\/\/hash\/\/timestamp HTTP\/1.1\nHost: target.example.com<\/code><\/pre>\n<p>In this conceptual example, a malicious PHP object of class &#8220;RCE&#8221; with a command property is used to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-5391-arbitrary-file-deletion-vulnerability-in-woocommerce-purchase-orders-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"81304\">delete all files<\/a> in the root directory. This is a simplified example, and real-world exploits would likely be more complex and potentially more damaging. Note that the endpoint decrypts these parameters before unserializing them, so the attack depends on the attacker holding the application&#8217;s APP_KEY; protecting that key is therefore part of the mitigation.<br \/>\nRemember to always <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2022-38692-critical-rsa-key-size-validation-vulnerability-in-bootrom\/\"  data-wpil-monitor-id=\"84513\">validate and sanitize all input to prevent such vulnerabilities<\/a>. 
In addition, use a Web Application Firewall (WAF) or Intrusion Detection System (IDS) for extra protection, and always keep your software updated with the latest patches. In this specific case, FreeScout has already fixed this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47108-out-of-bounds-write-vulnerability-in-substance3d-painter-versions-11-0-1-and-earlier\/\"  data-wpil-monitor-id=\"81989\">vulnerability in version<\/a> 1.8.186.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The Common Vulnerabilities and Exposures (CVE) system has identified a significant security vulnerability in FreeScout&#8217;s help desk software. This vulnerability, labeled CVE-2025-58163, enables potential attackers with specific knowledge of the software&#8217;s APP_KEY to execute remote code. This vulnerability is particularly severe because FreeScout&#8217;s software is widely used, and the exploit can lead to system [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[80],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-73423","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-rce"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/73423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=73423"}],"version-history":[{"count":10,"href":"https:\/\/www.ameeba.com\/blog\/wp-
json\/wp\/v2\/posts\/73423\/revisions"}],"predecessor-version":[{"id":81924,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/73423\/revisions\/81924"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=73423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=73423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=73423"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=73423"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=73423"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=73423"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=73423"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=73423"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=73423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}