Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-48474

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have access, thereby bypassing the restriction on viewing conversations. This issue has been patched in version 1.8.180.

Published

2025-05-29T16:15:41.273

Last Modified

2025-07-02T15:50:57.663

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	freescout	freescout	< 1.8.180	Yes

References

https://github.com/freescout-help-desk/freescout/commit/87cdb65d6b632b5292bcac2d7a209f6e36ae51d7 Patch ([email protected])
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-9wc4-vchw-mr3m Exploit, Vendor Advisory ([email protected])