Logic Flaw in FreeScout Help Desk Application
CVE-2025-48477

7.1HIGH

Key Information:

Vendor: Freescout-help-desk
Status: Freescout
Vendor: CVE Published:; 30 May 2025

🔔 Create Freescout-help-desk Vulnerability Alert

What is CVE-2025-48477?

The FreeScout Help Desk application contains a logic flaw that permits users to access functionalities without adhering to the required sequence of actions. This unintended access allows modifications to the attributes of the Mailbox object via the fill method. The issue was resolved in version 1.8.180, and users are advised to update to this version to mitigate the risk associated with this flaw.

Affected Version(s)

freescout < 1.8.180

References

https://github.com/freescout-help-desk/freescout/security...

x_refsource_CONFIRM

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2025
Vulnerability Reserved
May 22, 2025