CVE-2025-48478

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.180

Description The issue is related to insufficient input validation during user creation, resulting in a mass assignment vulnerability. This vulnerability allows an attacker to manipulate all fields of the object, which are enumerated in the $fillable array (the User object), when creating a new user.

Recommendations For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider restricting access to user creation functionality until the update is applied.