CVE-2025-48475
📋 TL;DR
CVE-2025-48475 is an authorization bypass vulnerability in FreeScout help desk software where authenticated users without mailbox or conversation access can view and edit all client data. This affects FreeScout installations prior to version 1.8.180. The vulnerability bypasses the intended client visibility controls.
💻 Affected Systems
- FreeScout
📦 What is this software?
FreeScout, by the FreeScout project, is the help desk software referred to above.
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could access, modify, or delete all client information including potentially sensitive customer data, leading to data breach and compliance violations.
Likely Case
Internal users with limited permissions could access client data they shouldn't see, violating data segregation policies and potentially exposing sensitive information.
If Mitigated
With proper access controls and monitoring, impact is limited to unauthorized data viewing by authenticated users, with audit trails for detection.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authenticated. No public exploit code has been identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.180
Vendor Advisory: https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-xvch-f75c-8w8q
Restart Required: Yes
Instructions:
1. Back up your FreeScout installation and database.
2. Update to version 1.8.180 via the built-in updater or a manual installation.
3. Restart the web server and any related services.
4. Verify that the update was successful.
🔧 Temporary Workarounds
Restrict User Permissions
Temporarily restrict all user permissions to minimal levels and implement strict access controls until patching can be completed.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate FreeScout from sensitive systems
- Enable detailed audit logging and monitor for unauthorized client data access patterns
🔍 How to Verify
Check if Vulnerable:
Check the FreeScout version in the admin panel or with the 'php artisan freescout:version' command. If the version is below 1.8.180, the system is vulnerable.
Check Version:
php artisan freescout:version
Verify Fix Applied:
After updating, verify that the version is 1.8.180 or higher and test that a user without mailbox access cannot view client data.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to client data endpoints by users without proper permissions
- Multiple client data queries from users with limited access roles
Network Indicators:
- Unusual patterns of API calls to client-related endpoints from non-admin users
SIEM Query:
source="freescout" AND (uri_path="/clients/*" OR uri_path="/api/clients/*") AND user_role!="admin" AND user_role!="supervisor"
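To make the SIEM query and the version check concrete, the following is an added Python example (not part of this advisory or of FreeScout's own code): it applies the same filter as the query to constructed log events laid out with the fields the query assumes (source, uri_path, user_role, user), tallies hits per user, and compares an installed version string against the fixed release 1.8.180.

```python
import fnmatch

# Constructed sample events, not real FreeScout logs, in the field layout
# the SIEM query above assumes.
SAMPLE_EVENTS = [
    {"source": "freescout", "uri_path": "/clients/42", "user_role": "admin", "user": "alice"},
    {"source": "freescout", "uri_path": "/clients/42", "user_role": "user", "user": "bob"},
    {"source": "freescout", "uri_path": "/api/clients/7/edit", "user_role": "user", "user": "bob"},
    {"source": "freescout", "uri_path": "/conversation/15", "user_role": "user", "user": "bob"},
    {"source": "nginx", "uri_path": "/clients/1", "user_role": "user", "user": "carol"},
    {"source": "freescout", "uri_path": "/clients/3", "user_role": "supervisor", "user": "dave"},
]

# Roles the query treats as allowed to touch client data.
PRIVILEGED_ROLES = {"admin", "supervisor"}
# Path patterns from the query; '*' matches the rest of the path, slashes included.
CLIENT_PATTERNS = ("/clients/*", "/api/clients/*")


def is_suspicious(event):
    """Mirror the SIEM query: a FreeScout event on a client endpoint from a non-privileged role."""
    path = event.get("uri_path", "")
    return (
        event.get("source") == "freescout"
        and any(fnmatch.fnmatchcase(path, pattern) for pattern in CLIENT_PATTERNS)
        and event.get("user_role") not in PRIVILEGED_ROLES
    )


def flag_events(events):
    """Return only the events the query would surface."""
    return [e for e in events if is_suspicious(e)]


def count_by_user(events):
    """Hits per user, so repeated client-data access by one limited account stands out."""
    counts = {}
    for event in flag_events(events):
        counts[event["user"]] = counts.get(event["user"], 0) + 1
    return counts


def is_vulnerable_version(installed, fixed="1.8.180"):
    """True when the installed dotted version sorts before the fixed release."""
    def parse(version):
        return tuple(int(part) for part in version.strip().split("."))
    return parse(installed) < parse(fixed)


if __name__ == "__main__":
    print(count_by_user(SAMPLE_EVENTS))          # {'bob': 2}
    print(is_vulnerable_version("1.8.179"))      # True
```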