CVE-2025-48472

CVSS v3.1

8.1

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.179

Description The issue concerns the lack of a check to ensure users can only disable notifications for mailboxes they already have access to. The code allows users to gain access to a mailbox by disabling or enabling notifications for it, even if they did not have access initially.

Recommendations For versions prior to 1.8.179, update to version 1.8.179 to resolve the issue. As a temporary workaround, consider restricting access to the notification settings for mailboxes to minimize the risk of unauthorized access.

Exploit

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2025-06948

CVE-2025-48472

GHSA-F62R-8354-8PQG

Affected Products

Freescout

CVE-2025-48472

Weakness Enumeration

Related Identifiers

Affected Products

References · 7