CVE-2025-48476
📋 TL;DR
FreeScout versions before 1.8.180 have a mass-assignment vulnerability in user record editing: an authenticated user who holds user-editing permissions can set another user's password through the edit form, without the validation a password change should require. This enables privilege escalation, since the attacker can take over the affected accounts. Only accounts that hold user-editing permissions are able to exploit it.
💻 Affected Systems
- FreeScout
📦 What is this software?
Freescout by Freescout
⚠️ Risk & Real-World Impact
Worst Case
An attacker with user editing permissions could reset passwords for all users including administrators, take complete control of the help desk system, and potentially access sensitive customer data.
Likely Case
A malicious insider or compromised account with user editing permissions could reset passwords for specific high-value accounts to gain unauthorized access and escalate privileges.
If Mitigated
With proper access controls limiting who can edit users and monitoring of user permission changes, impact would be limited to authorized changes only.
🎯 Exploit Status
Exploitation requires authenticated access with user editing permissions. The vulnerability is straightforward to exploit once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.180
Vendor Advisory: https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-7h5m-q39p-h849
Restart Required: Yes
Instructions:
1. Back up your FreeScout installation and database.
2. Download version 1.8.180 or newer from the official repository.
3. Replace the existing files with the new version.
4. Run any database migrations if required.
5. Restart web server services.
🔧 Temporary Workarounds
Restrict User Editing Permissions
Temporarily remove or restrict permissions for users to edit other user accounts until patching can be completed.
🧯 If You Can't Patch
- Review and minimize user accounts with edit permissions to only essential administrators.
- Implement additional monitoring for user permission changes and password reset activities.
🔍 How to Verify
Check if Vulnerable:
Check FreeScout version in admin panel or by examining the application files. Versions below 1.8.180 are vulnerable.
Check Version:
Check admin panel or examine app/version.php file for version information.
Verify Fix Applied:
Confirm version is 1.8.180 or higher in admin panel and test that password field validation occurs during user edits.
📡 Detection & Monitoring
Log Indicators:
- Unusual user permission changes
- Multiple password reset events for different users by same account
- Failed login attempts followed by password resets
Network Indicators:
- HTTP POST requests to user edit endpoints with password parameters from unauthorized sources
SIEM Query:
source="freescout" AND (event="user_edit" OR event="password_change") AND user!=target_user
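The two log indicators above (password changes where the acting account is not the target, and one account resetting several different users in a short window) can be checked offline against exported audit events. The following is an added example, not FreeScout's own code; the key=value log shape and the field names actor and target are constructed for illustration, since the page does not specify FreeScout's log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines in a key=value shape; not real FreeScout output.
SAMPLE_LOG = """
2025-06-01T10:00:00 event=user_edit actor=alice target=alice fields=name
2025-06-01T10:05:00 event=password_change actor=alice target=alice
2025-06-01T11:00:00 event=password_change actor=mallory target=bob
2025-06-01T11:01:30 event=password_change actor=mallory target=carol
2025-06-01T11:02:10 event=password_change actor=mallory target=admin
2025-06-01T15:00:00 event=password_change actor=dave target=erin
"""

def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict; 'ts' becomes a datetime."""
    ts, *pairs = line.split()
    event = {"ts": datetime.fromisoformat(ts)}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event

def parse_log(text):
    return [parse_event(line) for line in text.strip().splitlines() if line.strip()]

def cross_user_password_changes(events):
    """Password changes where the acting account is not the account being changed
    (the SIEM query's user != target_user condition). Self-service resets are ignored."""
    return [e for e in events
            if e.get("event") == "password_change" and e.get("actor") != e.get("target")]

def actors_resetting_many(events, min_targets=2, window=timedelta(minutes=30)):
    """Actors that changed the passwords of >= min_targets distinct other users
    within `window`. Returns {actor: set_of_targets} for actors over the threshold."""
    by_actor = defaultdict(list)
    for e in cross_user_password_changes(events):
        by_actor[e["actor"]].append(e)
    flagged = {}
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):  # slide a window forward from each event
            targets = {e["target"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(targets) >= min_targets:
                flagged[actor] = flagged.get(actor, set()) | targets
    return flagged

if __name__ == "__main__":
    for actor, targets in actors_resetting_many(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT: {actor} reset passwords for {sorted(targets)}")
```

With the sample data only mallory trips the multi-target threshold; dave's single cross-user reset is still listed by cross_user_password_changes and merits a manual check against change tickets.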