PT-2025-23174 · Freescout · Freescout
Artem Danilov
+5
·
Published
2025-05-13
·
Updated
2025-05-29
·
CVE-2025-48472
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
FreeScout versions prior to 1.8.179
Description
The issue concerns the lack of a check to ensure users can only disable notifications for mailboxes they already have access to. The code allows users to gain access to a mailbox by disabling or enabling notifications for it, even if they did not have access initially.
Recommendations
For versions prior to 1.8.179, update to version 1.8.179 to resolve the issue. As a temporary workaround, consider restricting access to the notification settings for mailboxes to minimize the risk of unauthorized access.
Exploit
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freescout