PT-2025-23263 · Freescout · Freescout

Artem Danilov +5 · Published 2025-05-13 · Updated 2025-05-30 · CVE-2025-48488

CVSS v2.0: 6.8
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FreeScout versions prior to 1.8.180

Description

The issue allows an attacker to upload an HTML file containing malicious JavaScript code to the server, resulting in a Cross-Site Scripting (XSS) vulnerability. In versions prior to 1.8.180, this occurs when the .htaccess file has been deleted.

Recommendations

For versions prior to 1.8.180, update to version 1.8.180 to resolve the issue. As a temporary workaround, consider restricting access to the server to prevent malicious file uploads until the update is applied. Additionally, avoid deleting the .htaccess file to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-06964
CVE-2025-48488
GHSA-2M76-538H-7HF9

Affected Products

Freescout