Access Control Flaw in FreeScout Help Desk Software by FreeScout
CVE-2025-48474

5.3 MEDIUM

Key Information:

CVE Published: 29 May 2025

What is CVE-2025-48474?

FreeScout, a self-hosted help desk solution, did not properly check user access rights for conversations. Users with the 'show_only_assigned_conversations' setting enabled could assign themselves to any conversation within the mailboxes accessible to them. This allowed unauthorized viewing of conversations, compromising data confidentiality. The issue has been resolved in version 1.8.180; installations running earlier versions should update.

Affected Version(s)

freescout < 1.8.180

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
