PT-2025-23177 · Freescout · Freescout

Artem Danilov +5 · Published 2025-05-13 · Updated 2025-07-11 · CVE-2025-48473

CVSS v2.0: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

FreeScout versions prior to 1.8.179

Description

The issue allows users to view arbitrary messages from other mailboxes or conversations they do not have access to, due to a lack of checks when creating a conversation from a message in another conversation. The access restriction to conversations, implemented by the "show only assigned conversations" setting, is also not checked.

Recommendations

For versions prior to 1.8.179, update to version 1.8.179 to resolve the issue. As a temporary workaround, consider restricting access to conversations by carefully managing the "show only assigned conversations" setting until the update can be applied.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-06949
CVE-2025-48473
GHSA-3X75-7856-R794

Affected Products

Freescout