CVE-2025-48474
📋 TL;DR
FreeScout help desk software versions before 1.8.180 contain an access control vulnerability where users with 'show_only_assigned_conversations' enabled can assign themselves to arbitrary conversations within accessible mailboxes, bypassing conversation viewing restrictions. This affects all FreeScout instances with users configured with this permission setting. Attackers could access sensitive conversation data they shouldn't be authorized to view.
💻 Affected Systems
- FreeScout
📦 What is this software?
Freescout by Freescout
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized access to sensitive customer communications, support tickets, or confidential business information leading to data breaches, privacy violations, and regulatory compliance failures.
Likely Case
Internal users accessing conversations outside their authorized scope, potentially viewing sensitive customer data or internal communications they shouldn't have access to.
If Mitigated
Limited exposure if proper user permission reviews and access controls are implemented, with minimal impact on overall system security.
🎯 Exploit Status
Exploitation requires authenticated user access with specific permissions. The vulnerability is straightforward to exploit once an attacker has valid credentials and the required permission setting.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.180
Vendor Advisory: https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-9wc4-vchw-mr3m
Restart Required: Yes
Instructions:
1. Back up your FreeScout database and application files.
2. Download version 1.8.180 from the official repository.
3. Replace the existing files with the new version.
4. Run database migrations if required.
5. Restart the web server and clear the application cache.
🔧 Temporary Workarounds
Disable show_only_assigned_conversations permission
Temporarily remove the vulnerable permission from all user accounts until patching can be completed:
UPDATE users SET show_only_assigned_conversations = 0 WHERE show_only_assigned_conversations = 1;
Implement conversation access logging
Enable detailed logging for conversation access and assignment events to detect potential exploitation attempts. Configure application logging to capture all conversation assignment events and user access patterns.
🧯 If You Can't Patch
- Review and audit all user accounts with 'show_only_assigned_conversations' permission, considering temporary removal of this permission.
- Implement network segmentation and restrict access to FreeScout instances to only authorized users and networks.
🔍 How to Verify
Check if Vulnerable:
Check FreeScout version in admin panel or by examining the application files. Versions below 1.8.180 are vulnerable if users have show_only_assigned_conversations enabled.
Check Version:
Check admin dashboard or examine /app/version.php file contents
Verify Fix Applied:
After updating to 1.8.180, verify the version in admin panel and test that users with show_only_assigned_conversations cannot assign themselves to unauthorized conversations.
📡 Detection & Monitoring
Log Indicators:
- Unusual conversation assignment patterns
- Users accessing conversations outside their normal scope
- Multiple conversation assignments by single user in short timeframe
Network Indicators:
- Increased API calls to conversation assignment endpoints
- Unusual access patterns to conversation viewing endpoints
SIEM Query (pseudo-query; replace "threshold" with a baseline value for your deployment):
source="freescout" AND (event_type="conversation_assignment" OR event_type="conversation_access") | stats count by user_id, conversation_id | where count > threshold
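The log indicators above can be checked offline against an exported audit log. The following is an added example, not FreeScout's own code: it assumes a JSON-lines log with the fields ts, event_type, user_id, conversation_id and assignee_id (the sample lines are constructed), and implements two of the listed indicators: a burst of self-assignments by one user inside a short window, and a restricted user reading a conversation that no logged assignment ever gave them.

```python
"""Detection helpers for the CVE-2025-48474 log indicators.

Added example, not FreeScout code. It assumes a JSON-lines audit log with
fields ts (ISO 8601), event_type, user_id, conversation_id and, for
assignment events, assignee_id. Real FreeScout logs will differ in shape;
adapt parse_line() to whatever your logging configuration emits.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import json

# Constructed sample log: user 3 behaves normally; user 7 assigns itself to
# five conversations within ninety seconds and then reads a conversation
# (210) that was never assigned to it.
SAMPLE_LOG = """
{"ts":"2025-06-01T09:00:00Z","event_type":"conversation_assignment","user_id":3,"conversation_id":101,"assignee_id":3}
{"ts":"2025-06-01T09:05:00Z","event_type":"conversation_access","user_id":3,"conversation_id":101}
{"ts":"2025-06-01T10:00:00Z","event_type":"conversation_assignment","user_id":7,"conversation_id":201,"assignee_id":7}
{"ts":"2025-06-01T10:00:20Z","event_type":"conversation_assignment","user_id":7,"conversation_id":202,"assignee_id":7}
{"ts":"2025-06-01T10:00:45Z","event_type":"conversation_assignment","user_id":7,"conversation_id":203,"assignee_id":7}
{"ts":"2025-06-01T10:01:10Z","event_type":"conversation_assignment","user_id":7,"conversation_id":204,"assignee_id":7}
{"ts":"2025-06-01T10:01:30Z","event_type":"conversation_assignment","user_id":7,"conversation_id":205,"assignee_id":7}
{"ts":"2025-06-01T10:02:00Z","event_type":"conversation_access","user_id":7,"conversation_id":205}
{"ts":"2025-06-01T10:03:00Z","event_type":"conversation_access","user_id":7,"conversation_id":210}
"""


def parse_line(line):
    """Parse one JSON log line and convert its timestamp to a datetime."""
    rec = json.loads(line)
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    return rec


def parse_log(text):
    """Parse a JSON-lines log export into a list of event dicts."""
    return [parse_line(l) for l in text.strip().splitlines() if l.strip()]


def self_assignment_bursts(events, max_assignments=4, window=timedelta(minutes=5)):
    """Indicator: multiple conversation assignments by a single user in a
    short timeframe. Returns {user_id: peak count} for every user whose
    self-assignments (assignee_id == user_id) reach max_assignments inside
    any sliding window of the given length."""
    per_user = defaultdict(list)
    for e in events:
        if e["event_type"] == "conversation_assignment" and e.get("assignee_id") == e["user_id"]:
            per_user[e["user_id"]].append(e["ts"])
    flagged = {}
    for uid, times in per_user.items():
        times.sort()
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= max_assignments:
            flagged[uid] = peak
    return flagged


def out_of_scope_access(events, restricted_users):
    """Indicator: a user accessing conversations outside their scope.
    For users in restricted_users (those expected to see only assigned
    conversations), flag every access to a conversation that no earlier
    assignment event gave them. Returns a list of (user_id, conversation_id)."""
    assigned = defaultdict(set)  # user_id -> conversations assigned to them so far
    hits = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event_type"] == "conversation_assignment":
            assigned[e["assignee_id"]].add(e["conversation_id"])
        elif e["event_type"] == "conversation_access":
            uid = e["user_id"]
            if uid in restricted_users and e["conversation_id"] not in assigned[uid]:
                hits.append((uid, e["conversation_id"]))
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("self-assignment bursts:", self_assignment_bursts(evts))
    print("out-of-scope access:", out_of_scope_access(evts, restricted_users={3, 7}))
```

The burst threshold and window are starting points; tune them against a few days of normal assignment activity so that agents who legitimately triage a queue are not flagged, and treat the restricted_users set as the list of accounts that carry the show_only_assigned_conversations permission.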