CVE-2025-48475

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.180

Description The system does not provide a check on which clients an authorized user can view and edit. As a result, an authorized user without access to existing mailboxes or conversations can view and edit the system's clients. The limitation of client visibility can be implemented by the limit user customer visibility setting, but there is no check for the presence of this setting in certain scenarios.

Recommendations For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider implementing the limit user customer visibility setting to restrict client visibility. Restrict access to client editing features to minimize the risk of exploitation.