CVE-2025-48473
📋 TL;DR
This vulnerability in FreeScout lets an authenticated user read messages from conversations they are not permitted to see, by starting a new conversation from an existing message. It affects all FreeScout versions prior to 1.8.179 for any user who is allowed to create conversations. The flaw bypasses the conversation access restriction enforced by the show_only_assigned_conversations setting.
💻 Affected Systems
- FreeScout
📦 What is this software?
FreeScout is a free, self-hosted help desk and shared mailbox application written in PHP on the Laravel framework. Agents work in mailboxes, and the show_only_assigned_conversations setting restricts a user to the conversations assigned to them.
⚠️ Risk & Real-World Impact
Worst Case
A malicious insider or a compromised agent account reads customer communications, private notes or confidential business information from conversations the account was deliberately restricted from seeing, leading to a data breach or a privacy violation.
Likely Case
Agents, accidentally or intentionally, read conversations outside their assigned scope, breaking the data segregation and privacy expectations the help desk was configured to enforce.
If Mitigated
Exposure is limited where accounts are already granted minimal permissions and few users can create conversations, but the bypass of conversation isolation remains for every user who can.
🎯 Exploit Status
Exploitation requires a valid user account with permission to create conversations; no unauthenticated path is involved. The flaw lies in the conversation-creation flow when the new conversation is started from an existing message.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.179
Vendor Advisory: https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-3x75-7856-r794
Restart Required: No
Instructions:
1. Back up your FreeScout installation directory and database.
2. Update to version 1.8.179 or later, either through the built-in updater (Manage > System) or by replacing the installation files with the release from the official repository.
3. Clear the application cache after updating.
4. Confirm the new version is shown on the System page.
🔧 Temporary Workarounds
Disable conversation creation from messages
Remove or restrict the ability of users to start new conversations from existing messages, through configuration or permission changes, until the patch is applied.
Implement strict user permission controls
Limit which users can create conversations and grant only the minimal permissions each role needs; the fewer accounts that can create conversations, the fewer can trigger the bypass.
🧯 If You Can't Patch
- Restrict network access to FreeScout to authorized users and systems. This does not stop an authenticated insider, but it limits how far a stolen credential can be used.
- Enable detailed audit logging for conversation access and creation, so that creations from messages outside a user's assigned conversations can be detected after the fact.
🔍 How to Verify
Check if Vulnerable:
Check your FreeScout version on the System page or in the application files. Any version below 1.8.179 is vulnerable.
Check Version:
Open the System page (Manage > System) in the FreeScout web UI, or read the version entry in config/app.php on the server.
Verify Fix Applied:
After updating, confirm the System page shows 1.8.179 or higher. Then, with a test account whose mailbox permission has show_only_assigned_conversations enabled, attempt to create a new conversation from a message in a conversation not assigned to that account and confirm the message content is no longer shown.
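The version check above, as an added example that is not part of the advisory or of FreeScout's own code. It assumes the version is stored in config/app.php as a line of the form 'version' => '1.8.178', (an assumption about the file layout) and compares versions component by component, so that 1.8.9 is correctly reported as older than 1.8.179 where a plain string comparison would not.

```python
"""Decide whether a FreeScout install is exposed to CVE-2025-48473.

Added example, not FreeScout's own code. Assumption: the version lives in
config/app.php as   'version' => '1.8.178',   (three dotted components).
"""
import re
from pathlib import Path

FIXED_VERSION = "1.8.179"  # first release containing the fix, per the advisory

# Matches the 'version' => '...' entry of a Laravel-style config file.
_CONFIG_VERSION_RE = re.compile(
    r"""['"]version['"]\s*=>\s*['"]([0-9][0-9A-Za-z.\-+]*)['"]"""
)

# Constructed sample of the relevant config line, used by main() below.
SAMPLE_CONFIG = """<?php
return [
    'name' => env('APP_NAME', 'FreeScout'),
    'version' => '1.8.178',
    'debug' => env('APP_DEBUG', false),
];
"""


def parse_version(v: str) -> tuple:
    """Turn '1.8.179' into a tuple that sorts numerically.

    Missing components are padded with 0 ('1.8' == '1.8.0'). A pre-release
    suffix such as '1.8.179-beta' sorts below the bare '1.8.179', so a
    pre-release of the fixed version is still reported as vulnerable.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:[-+].*)?", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = tuple(int(x) for x in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))
    is_release = m.group(0) == m.group(1)  # no suffix present
    return nums + ((1,) if is_release else (0,))


def version_from_config(config_text: str) -> str:
    """Extract the version string from the text of config/app.php."""
    m = _CONFIG_VERSION_RE.search(config_text)
    if not m:
        raise ValueError("no 'version' => '...' entry found")
    return m.group(1)


def is_vulnerable(version: str) -> bool:
    """True if the given version predates the fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def check_config_text(config_text: str) -> dict:
    """Assess a config/app.php body; returns the version and the verdict."""
    version = version_from_config(config_text)
    return {"version": version, "vulnerable": is_vulnerable(version)}


def check_install(root: str) -> dict:
    """Assess an installation directory by reading <root>/config/app.php."""
    cfg = Path(root) / "config" / "app.php"
    return check_config_text(cfg.read_text(encoding="utf-8"))


def main() -> None:
    # Runs against the constructed sample; pass an install path to check_install
    # for a real system, e.g. check_install("/var/www/html").
    print(check_config_text(SAMPLE_CONFIG))


if __name__ == "__main__":
    main()
```

Run it against the constructed sample to see the verdict for 1.8.178, or point check_install at the installation root. The numeric comparison matters: FreeScout patch numbers run past 99, and a lexical comparison would declare 1.8.9 newer than 1.8.179.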
📡 Detection & Monitoring
Log Indicators:
- Conversations created from existing messages by users whose assigned conversations do not include the source conversation, or bursts of such creations from one account in a short time
- Repeated denied attempts to open conversations followed by a successful conversation creation that references a message in one of those conversations
Network Indicators:
- Increased API calls to conversation endpoints from single users in short timeframes
SIEM Query:
source="freescout" AND (event="conversation_created" OR event="message_access") | stats count by user_id, conversation_id | where count > threshold
(Illustrative pseudo-query: the event names and the threshold are placeholders to be mapped onto whatever fields your own application or proxy logging emits.)
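The logic of that query, as an added example run over constructed log lines; it is not FreeScout's own logging or a vendor-supplied detection. The JSON record format (ts, user_id, event, conversation_id and, for creations from a message, source_conversation_id) and the user-to-assigned-conversations map are assumptions you would populate from your own audit logging. It goes one step beyond the query: besides counting creations per user within a time window, it flags the abuse signal directly, a creation whose source conversation is not assigned to the user.

```python
"""Detect suspicious creation-from-message activity in FreeScout audit logs.

Added example, not FreeScout's own code. Assumed log format (JSON lines):
  {"ts": ISO-8601, "user_id": ..., "event": ..., "conversation_id": ...,
   "source_conversation_id": ...}   # last field only when created from a message
Two signals:
  unassigned_source  creation from a conversation the user is not assigned to
  burst              more than THRESHOLD creations-from-message per user in WINDOW
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import json

THRESHOLD = 3
WINDOW = timedelta(minutes=5)

# Constructed sample: u7 creates from an unassigned conversation once;
# u9 creates four conversations from messages within 60 seconds.
SAMPLE_LOG = """
{"ts": "2025-06-01T10:00:00", "user_id": "u7", "event": "conversation_created", "conversation_id": "c300", "source_conversation_id": "c100"}
{"ts": "2025-06-01T10:00:30", "user_id": "u7", "event": "conversation_created", "conversation_id": "c301", "source_conversation_id": "c205"}
{"ts": "2025-06-01T10:01:00", "user_id": "u7", "event": "conversation_created", "conversation_id": "c302"}
{"ts": "2025-06-01T10:01:10", "user_id": "u9", "event": "message_access", "conversation_id": "c200"}
{"ts": "2025-06-01T10:01:20", "user_id": "u9", "event": "conversation_created", "conversation_id": "c310", "source_conversation_id": "c200"}
{"ts": "2025-06-01T10:01:40", "user_id": "u9", "event": "conversation_created", "conversation_id": "c311", "source_conversation_id": "c201"}
{"ts": "2025-06-01T10:02:00", "user_id": "u9", "event": "conversation_created", "conversation_id": "c312", "source_conversation_id": "c202"}
{"ts": "2025-06-01T10:02:20", "user_id": "u9", "event": "conversation_created", "conversation_id": "c313", "source_conversation_id": "c203"}
"""

# Constructed assignment map: user_id -> conversations assigned to that user.
ASSIGNED = {
    "u7": {"c100", "c101"},
    "u9": {"c200", "c201", "c202", "c203"},
}


def parse_log(text: str) -> list:
    """Parse JSON lines into records sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def find_suspicious(events: list, assigned: dict,
                    threshold: int = THRESHOLD, window: timedelta = WINDOW) -> list:
    """Return alerts for creations from unassigned sources and per-user bursts."""
    alerts = []
    recent = defaultdict(deque)  # user_id -> timestamps of recent creations-from-message
    for e in events:
        if e.get("event") != "conversation_created" or "source_conversation_id" not in e:
            continue  # plain creations and other events are not in scope
        uid, src = e["user_id"], e["source_conversation_id"]
        if src not in assigned.get(uid, set()):
            alerts.append({"signal": "unassigned_source", "user_id": uid,
                           "detail": src, "ts": e["ts"]})
        q = recent[uid]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()  # slide the window
        if len(q) == threshold + 1:  # alert once when the threshold is crossed
            alerts.append({"signal": "burst", "user_id": uid,
                           "detail": len(q), "ts": e["ts"]})
    return alerts


def run_demo() -> list:
    """Run the detection over the constructed sample log."""
    return find_suspicious(parse_log(SAMPLE_LOG), ASSIGNED)


if __name__ == "__main__":
    for a in run_demo():
        print(a)
```

The unassigned-source check is the one worth keeping after patching as well: a creation that references a conversation the user is not assigned to should not succeed once 1.8.179 is in place, so any such alert on a patched system indicates either a logging error or a new bypass.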