CVE-2025-48472 MEDIUM

CVE-2025-48472: FreeScout Vulnerable to Insufficient Authorization

Vendor Freescout-Help-Desk

Product freescout

Weakness CWE-863 · Incorrect authorization

Published May 29, 2025

Last update May 29, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have access to the mailbox, then after disabling (enabling) notifications for this mailbox, the user will gain access to it. This issue has been patched in version 1.8.179.

Key dates

02Disclosure timeline

May 29, 2025 CVE published

May 29, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-48472

Related vulnerabilities

CVE-2025-48472: FreeScout Vulnerable to Insufficient Authorization

01Description

02Disclosure timeline

03References

04Related CVE