Zero-Click Vulnerability "Mail2Shell" in FreeScout Enables Remote Code Execution

Ox Security identified a zero-click vulnerability in FreeScout, dubbed "Mail2Shell," that allows threat actors to execute remote code without user interaction. The flaw enables attackers to hijack FreeScout systems by exploiting the bug, though no specific CVE ID, affected versions, or exploitation timeline were disclosed. The impact includes unauthorized system control, but no additional technical details, such as attack vectors or mitigation steps, were provided. The discovery was attributed to Ox Security, with no mention of active exploitation or affected regions. The report focuses on the potential for remote code execution (RCE) via the unpatched issue.