CVE-2025-48485

CVSS v2.0

6.8

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions FreeScout versions prior to 1.8.180

Description FreeScout is a free self-hosted help desk and shared mailbox. The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer.

Recommendations For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider restricting access to the customer profile update feature until the patch is applied. Avoid using the vulnerable feature to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2025-06961

CVE-2025-48485

GHSA-556Q-W535-XXG8

Affected Products

Freescout

CVE-2025-48485

Weakness Enumeration

Related Identifiers

Affected Products

References · 9