CVE-2025-48485

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.180

Description FreeScout is a free self-hosted help desk and shared mailbox. The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer.

Recommendations For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider restricting access to the customer profile update feature until the patch is applied. Avoid using the vulnerable feature to minimize the risk of exploitation.