CVE-2025-48475

CVSS v3.1

8.1

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.180

Description The system does not provide a check on which clients an authorized user can view and edit. As a result, an authorized user without access to existing mailboxes or conversations can view and edit the system's clients. The limitation of client visibility can be implemented by the

limit user customer visibility

setting, but there is no check for the presence of this setting in certain scenarios.

Recommendations For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider implementing the

limit user customer visibility

setting to restrict client visibility. Restrict access to client editing features to minimize the risk of exploitation.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

BDU:2025-06951

CVE-2025-48475

GHSA-XVCH-F75C-8W8Q

Affected Products

Freescout

CVE-2025-48475

Weakness Enumeration

Related Identifiers

Affected Products

References · 9