Critical Mail2Shell Vulnerability Enables Zero-Click RCE in FreeScout Helpdesk Platform

A maximum-severity vulnerability in the FreeScout helpdesk platform enables remote code execution (RCE) without requiring user interaction or authentication. The flaw, dubbed "Mail2Shell," allows attackers to hijack FreeScout mail servers by exploiting the unpatched issue. No specific CVE ID, affected version ranges, or patch release dates were disclosed in the report. The attack vector leverages the platform's mail processing functionality, making it a zero-click exploit. The impact includes full server compromise, though no active exploitation instances were confirmed. FreeScout users are advised to monitor for updates to mitigate the risk.