PT-2025-23178 · Freescout · Freescout

Artem Danilov +5 · Published 2025-05-13 · Updated 2025-07-02 · CVE-2025-48474

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

FreeScout versions prior to 1.8.180

Description

The application incorrectly checks user access rights for conversations. Users who have the "show only assigned conversations" restriction enabled can assign themselves to an arbitrary conversation in a mailbox they have access to, thereby bypassing the restriction on viewing conversations.

Recommendations

For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider disabling the feature that allows users to assign themselves to conversations until the update is applied. Restrict access to the mailbox to minimize the risk of exploitation.

Exploit

Fix

LPE

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2025-06950
CVE-2025-48474
GHSA-9WC4-VCHW-MR3M

Affected Products

Freescout