PT-2025-23177 · Freescout · Freescout
Artem Danilov +5 · Published 2025-05-13 · Updated 2025-07-11 · CVE-2025-48473
CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
FreeScout versions prior to 1.8.179
Description
The issue allows users to view arbitrary messages from other mailboxes or conversations they do not have access to, due to a lack of checks when creating a conversation from a message in another conversation. The access restriction to conversations, implemented by the "show only assigned conversations" setting, is also not checked.
Recommendations
For versions prior to 1.8.179, update to version 1.8.179 to resolve the issue. As a temporary workaround, consider restricting access to conversations by carefully managing the "show only assigned conversations" setting until the update can be applied.
Exploit
Fix
Incorrect Authorization
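The authorization check described above as missing, shown as an added example: this is a simplified Python model written for this entry, not FreeScout's code, and every class, function and field name in it is an assumption. The action of creating a conversation from a message authorizes the caller against the source conversation (mailbox access and the "show only assigned conversations" restriction) before copying anything.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class User:
    id: int
    mailbox_ids: set               # mailboxes this user may open
    only_assigned: bool = False    # models "show only assigned conversations"

@dataclass
class Conversation:
    id: int
    mailbox_id: int
    assignee_id: Optional[int]
    messages: dict = field(default_factory=dict)   # message id -> body

class Forbidden(Exception):
    pass

def can_view(user, conv):
    """Both restrictions named in the advisory: mailbox access and assignment."""
    if conv.mailbox_id not in user.mailbox_ids:
        return False
    return not (user.only_assigned and conv.assignee_id != user.id)

def new_conversation_from_message(user, store, message_id, target_mailbox_id):
    source = next((c for c in store.values() if message_id in c.messages), None)
    # Authorize against the conversation the message comes FROM, not only the
    # destination. Unknown ids get the same error so ids cannot be probed.
    if source is None or not can_view(user, source):
        raise Forbidden(f"message {message_id}")
    if target_mailbox_id not in user.mailbox_ids:
        raise Forbidden(f"mailbox {target_mailbox_id}")
    new_id = max(store) + 1
    store[new_id] = Conversation(new_id, target_mailbox_id, user.id,
                                 {message_id: source.messages[message_id]})
    return store[new_id]

def build_store():
    """Constructed sample data: two mailboxes, three conversations."""
    return {10: Conversation(10, 1, 1, {100: "assigned to user 1"}),
            11: Conversation(11, 1, 3, {101: "same mailbox, other assignee"}),
            20: Conversation(20, 2, 2, {200: "other mailbox"})}

def attempt(user, store, message_id, target_mailbox_id=1):
    try:
        return new_conversation_from_message(user, store, message_id, target_mailbox_id).id
    except Forbidden:
        return "forbidden"
```

A regression test for this class of bug should cover each denial path separately: a message in another mailbox, a message in an unassigned conversation of the same mailbox, and a destination mailbox the user cannot open.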
Weakness Enumeration
Related Identifiers
Affected Products
Freescout