
CVE-2025-48471: CWE-434: Unrestricted Upload of File with Dangerous Type in freescout-help-desk freescout

High
Type: Vulnerability
Tags: cve-2025-48471, cwe-434
Published: Thu May 29 2025 (05/29/2025, 15:17:11 UTC)
Source: CVE Database V5
Vendor/Project: freescout-help-desk
Product: freescout

Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the application. This allows files to be uploaded with the phtml and phar extensions, which can lead to remote code execution if the Apache web server is used. This issue has been patched in version 1.8.179.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 23:12:19 UTC

Technical Analysis

CVE-2025-48471 is a high-severity vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The affected product is FreeScout, a free, self-hosted help desk and shared mailbox application. Versions prior to 1.8.179 do not adequately validate the names of uploaded files: a file whose name ends in .phtml or .phar is accepted. Those two extensions matter because common Apache + PHP deployments map them to the PHP handler alongside .php; the stock Debian/Ubuntu php module configuration, for example, wraps SetHandler application/x-httpd-php in a FilesMatch ".+\.ph(ar|p|tml)$" block. If the uploaded file is written somewhere under the document root and later requested over HTTP, Apache runs it as PHP instead of serving it as data, giving the attacker remote code execution as the web server user. Deployments behind nginx and PHP-FPM are usually only exposed if the fastcgi location pattern also matches .phtml or .phar (the customary "location ~ \.php$" does not), which is why the advisory singles out Apache. The advisory text reproduced on this page does not say which upload path is affected or whether the uploader must be authenticated, and the CVSS vector is not shown here, so the privilege and user-interaction requirements should be taken from the upstream advisory rather than assumed; in a help desk, upload paths are commonly reachable by agents and, depending on configuration, by customers. The vulnerability was published on May 29, 2025 and carries a CVSS v4.0 base score of 7.0 (High). No exploitation in the wild had been reported at the time of this analysis, but a successful attack ends in full compromise of the host. The issue is fixed in FreeScout 1.8.179, which tightens the file-type validation so that these extensions are no longer accepted.

Potential Impact

For European organizations running FreeScout versions prior to 1.8.179, this vulnerability poses a serious risk. Successful exploitation yields remote code execution on the affected server, which in practice means full compromise of that host. From there an attacker can read customer support conversations, attachments, internal communications and any other data the help desk stores or can reach, including the mailbox credentials FreeScout holds to fetch and send mail. The compromised server also serves as a foothold for pivoting into the wider network and escalating privileges, and the help desk itself can be taken offline, disrupting customer service and internal IT support. Because help desk tickets routinely contain personal data, exposure or tampering can trigger GDPR breach-notification obligations and the associated regulatory and reputational consequences. How broad the exposed attack surface is depends on who can reach the vulnerable upload path: if it is available to low-privileged agents, to customers, or without authentication at all, the pool of potential attackers is correspondingly larger, so confirm this against the upstream advisory and your own deployment rather than assuming the narrow case.

Mitigation Recommendations

European organizations should immediately verify their FreeScout deployment version and upgrade to version 1.8.179 or later, where the vulnerability is patched. If upgrading is not immediately feasible, treat the following as temporary compensating controls, not a fix.

Do not rely on an extension blocklist alone; enforce an allowlist of the document and image types the help desk actually needs, at the application or web application firewall layer, and reject everything else. Where a blocklist is the only option, it must cover .php, .phtml, .phar, .phps and numbered variants such as .php5, and it must match those extensions anywhere in the name, not just at the end, because Apache configurations that use AddHandler apply the PHP handler to every extension in a filename (name.phtml.jpg is executed too).

Make the upload storage non-executable regardless of what lands in it: either store uploads outside the document root and serve them through the application, or deny PHP-looking files in the upload directory with a FilesMatch block containing Require all denied. Put that rule in the server configuration rather than in an .htaccess file, which only takes effect where AllowOverride permits it, and note that a Directory-level RemoveHandler does not override a server-level FilesMatch/SetHandler because Apache merges FilesMatch sections after Directory sections. On nginx with PHP-FPM, check that the fastcgi location regex does not match .phtml or .phar.

Beyond that, deploy WAF rules that inspect multipart uploads for dangerous extensions, audit the upload directories regularly for files with executable extensions or unexpected recent creation times, and review which roles in FreeScout can upload at all. Multi-factor authentication for administrative accounts limits what an attacker can do with stolen or insider credentials. Finally, keep current, tested backups and an incident response plan tailored to web application compromise so that exploitation, if it happens, can be contained and recovered from quickly.
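The handler mapping discussed in the technical analysis and the audit and deny rule recommended above, as an added shell example. This is not FreeScout's code and not part of the advisory: the upload directory name used in the demo is an assumed path, and the sample file names and the sample php module configuration are constructed inline to mirror the shape of the stock Debian/Ubuntu Apache PHP config.

```shell
#!/bin/sh
# Added example for CVE-2025-48471; not FreeScout's code and not from the
# advisory. Audits an upload directory for files Apache + mod_php would run as
# PHP, checks whether the Apache PHP handler config maps .phtml/.phar to PHP,
# and emits a deny rule for the upload directory. The FreeScout storage path
# used in the demo is an assumption, not the project's documented location.

# Extensions the stock Debian/Ubuntu php module config maps to the PHP handler
# (FilesMatch ".+\.ph(ar|p|tml)$"), plus variants that older AddHandler lines
# commonly list. Matched as a whole extension anywhere after the first dot, so
# "avatar.phtml.jpg" is flagged too: AddHandler-style configs apply the handler
# for any matching extension in the name, not only the last one.
DANGEROUS_EXT_RE='\.(php[0-9]?|phtml|phar|phps|pht)(\.|$)'

# is_dangerous_upload NAME -> exit 0 if NAME carries a PHP-executable extension
is_dangerous_upload() {
    printf '%s\n' "$1" | grep -Eiq "$DANGEROUS_EXT_RE"
}

# list_dangerous_uploads DIR -> one flagged path per line
list_dangerous_uploads() {
    find "$1" -type f | while IFS= read -r f; do
        if is_dangerous_upload "$(basename -- "$f")"; then
            printf '%s\n' "$f"
        fi
    done
}

# count_dangerous_uploads DIR -> number of flagged files
count_dangerous_uploads() {
    list_dangerous_uploads "$1" | wc -l | tr -d ' '
}

# php_handler_covers_phtml CONF -> exit 0 if CONF maps .phtml or .phar to PHP,
# via the Debian-style FilesMatch pattern or an AddHandler/AddType line.
# Comment lines are ignored so a commented-out mapping does not count.
php_handler_covers_phtml() {
    grep -Ev '^[[:space:]]*#' "$1" |
        grep -Eiq 'ph\(ar\|p\|tml\)|(AddHandler|AddType)[^#]*\.(phtml|phar)'
}

# deny_exec_snippet DIR -> Apache fragment that refuses to serve PHP-looking
# files from DIR at all. Belongs in server config (or an .htaccess that
# AllowOverride permits). Denying beats RemoveHandler because a server-level
# FilesMatch/SetHandler is merged after Directory sections and would still win.
deny_exec_snippet() {
    cat <<EOF
<Directory "$1">
    <FilesMatch "\.(php[0-9]?|phtml|phar|phps|pht)(\.|\$)">
        Require all denied
    </FilesMatch>
</Directory>
EOF
}

# build_sample_upload_dir -> prints a temp dir seeded with constructed names
build_sample_upload_dir() {
    d=$(mktemp -d)
    for n in ticket.pdf notes.txt shell.phtml payload.phar avatar.phtml.jpg readme.php; do
        : > "$d/$n"
    done
    printf '%s\n' "$d"
}

# write_sample_php_conf -> prints the path of a constructed config with the
# same FilesMatch shape as Debian's /etc/apache2/mods-available/phpX.Y.conf
write_sample_php_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<FilesMatch ".+\.ph(ar|p|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
EOF
    printf '%s\n' "$f"
}

main() {
    up=$(build_sample_upload_dir)
    printf 'flagged in %s: %s\n' "$up" "$(count_dangerous_uploads "$up")"
    list_dangerous_uploads "$up"
    conf=$(write_sample_php_conf)
    if php_handler_covers_phtml "$conf"; then
        echo 'Apache maps .phtml/.phar to PHP: uploads with those names execute'
    fi
    deny_exec_snippet /var/www/freescout/storage/app/public   # assumed path
    rm -rf "$up" "$conf"
}

main
```

On a real host, point list_dangerous_uploads at the directory FreeScout writes attachments to and php_handler_covers_phtml at the active Apache PHP module configuration; a non-zero count on a pre-1.8.179 install is a reason to hunt for a web shell, not just to clean up. The deny rule is deliberately conservative: it blocks serving those names entirely rather than trying to un-map the handler, which is the behaviour you want for a directory that should only ever hold user data.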


Technical Details

Data Version
5.1
Assigner Short Name
GitHub_M
Date Reserved
2025-05-22T12:11:39.117Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 68387d4e182aa0cae283168f

Added to database: 5/29/2025, 3:29:18 PM

Last enriched: 7/7/2025, 11:12:19 PM

Last updated: 8/11/2025, 5:25:41 AM
