Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an authorized user can view and edit, and which ones they cannot. As a result, an authorized user who does not have access to any of the existing mailboxes, as well as to any of the existing conversations, has the ability to view and edit the System's clients. The limitation of client visibility can be implemented by the limit_user_customer_visibility setting, however, in the specified scenarios, there is no check for the presence of this setting. This issue has been patched in version 1.8.180.

INFO

Published Date :

2025-05-29T16:27:43.554Z

Last Modified :

2025-05-29T17:58:01.308Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-48475 vulnerability.

Vendors Products
Freescout
  • Freescout
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-48475.

URL Resource
https://github.com/freescout-help-desk/freescout/commit/1f154ce039618ed5abd960c97619c23534c0717a cve-icon cve-icon
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-xvch-f75c-8w8q cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact