CVE-2025-48478
📋 TL;DR
FreeScout versions before 1.8.180 contain a mass assignment vulnerability in user creation: the request parameters are bound to the User object without an allowlist, so an attacker who can reach the endpoint can set any field of the User object, not only those exposed by the form. This affects all FreeScout instances running vulnerable versions and can lead to unauthorized privilege escalation or data manipulation.
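The bug class named above, shown as an added Python illustration (FreeScout itself is a PHP/Laravel application and this is not its code; the field names are assumed). The vulnerable function copies every submitted parameter onto the new user record, so a client-supplied `role` lands in the database. The hardened function binds only the fields the form is meant to expose, which is the same idea as an Eloquent `$fillable` allowlist, and reports the dropped fields so the request can be logged.

```python
"""Mass assignment during user creation: vulnerable pattern beside the fix.

Added example. Model fields and form fields are assumptions, not FreeScout's.
"""

# Fields the user-creation form is meant to expose (assumed names).
FORM_FIELDS = {"first_name", "last_name", "email", "password"}


def default_user():
    """A new User record with safe defaults for the privileged fields."""
    return {
        "first_name": "",
        "last_name": "",
        "email": "",
        "password": "",
        "role": "user",      # privileged: must never come from the client
        "status": "active",
    }


def create_user_vulnerable(request_params):
    """Binds every submitted parameter to the model.

    Any attribute of the User object, including 'role', can be set by the
    client simply by adding it to the POST body.
    """
    user = default_user()
    user.update(request_params)
    return user


def create_user_hardened(request_params):
    """Binds only allowlisted form fields.

    Returns the user record and the sorted list of parameters that were
    ignored, so the caller can log requests carrying unexpected fields
    (a useful detection signal in its own right).
    """
    user = default_user()
    dropped = sorted(set(request_params) - FORM_FIELDS)
    for name in FORM_FIELDS & set(request_params):
        user[name] = request_params[name]
    return user, dropped


if __name__ == "__main__":
    # Constructed request: a normal form submission plus one extra parameter.
    params = {"first_name": "Ann", "email": "ann@example.com",
              "password": "x", "role": "admin"}
    print("vulnerable:", create_user_vulnerable(params)["role"])   # admin
    user, dropped = create_user_hardened(params)
    print("hardened:  ", user["role"], "dropped:", dropped)       # user ['role']
```

The `dropped` list is the cheap, high-value byproduct: a user-creation request that carries fields outside the form's allowlist is exactly the "unexpected parameters" indicator listed under Detection & Monitoring below, and the hardened handler can emit it as a log event without any extra parsing.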
💻 Affected Systems
- FreeScout Help Desk
📦 What is this software?
FreeScout, an open-source help desk application, published by FreeScout.
⚠️ Risk & Real-World Impact
Worst Case
Attacker creates admin user with full system privileges, takes complete control of help desk system, accesses sensitive customer data, and modifies system configurations.
Likely Case
Attacker creates unauthorized user accounts with elevated privileges, accesses restricted help desk data, or modifies user permissions.
If Mitigated
The attack is detected and blocked by input validation controls or network segmentation, limiting the impact to an isolated help desk instance.
🎯 Exploit Status
Exploitation requires access to the user creation endpoint, which typically requires some level of authentication; the flaw could, however, be chained with other vulnerabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.180
Vendor Advisory: https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-fqjj-79j2-8qx6
Restart Required: Yes
Instructions:
1. Back up your FreeScout database and files.
2. Download version 1.8.180 from GitHub.
3. Replace the existing files with the new version.
4. Run database migrations if needed.
5. Restart the web server.
🔧 Temporary Workarounds
Disable User Registration
Temporarily disable new user registration functionality in FreeScout settings.
Web Application Firewall Rules
Implement WAF rules to block mass assignment patterns in user creation requests.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can access the user creation endpoints
- Enable detailed logging and monitoring of all user creation activities for suspicious patterns
🔍 How to Verify
Check if Vulnerable:
Check FreeScout version in admin panel or by examining the application files. Versions below 1.8.180 are vulnerable.
Check Version:
Check /app/version file or admin panel at /admin/settings/general
Verify Fix Applied:
After patching, verify version shows 1.8.180 or higher in admin panel. Test user creation with various input parameters to ensure only allowed fields are accepted.
📡 Detection & Monitoring
Log Indicators:
- Multiple user creation attempts with unusual field names
- User creation with admin or elevated privilege fields
- Rapid succession of user creation requests
Network Indicators:
- POST requests to user creation endpoints with unexpected parameters
- HTTP requests containing fields not in standard user creation forms
SIEM Query:
source="freescout-logs" AND (event="user_created" AND (parameters CONTAINS "admin" OR parameters CONTAINS "role" OR parameters CONTAINS "permission"))
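The SIEM query above and the log indicators listed before it, implemented as an added Python example run over constructed log lines (not FreeScout's log format; the JSON shape, field names and source addresses are assumptions). It generalizes the query in two ways: besides matching the `admin`/`role`/`permission` substrings, it flags any parameter outside the standard form's field set, and it detects the "rapid succession" indicator with a per-source sliding window.

```python
"""Detection logic for mass-assignment attempts against user creation.

Added example. Log format and field names are constructed assumptions.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Substrings from the SIEM query on the page.
SUSPICIOUS_SUBSTRINGS = ("admin", "role", "permission")
# Parameters the standard user-creation form submits (assumed names).
STANDARD_FIELDS = {"first_name", "last_name", "email", "password"}
# "Rapid succession": this many user_created events from one source per window.
BURST_THRESHOLD = 3
BURST_WINDOW = timedelta(seconds=60)

# Constructed sample log: one normal creation, three from one source carrying
# extra fields within a few seconds, and an unrelated login event.
LOG_LINES = [
    '{"ts":"2025-01-01T10:00:00Z","event":"user_created","src":"10.0.0.5",'
    '"parameters":["first_name","last_name","email","password"]}',
    '{"ts":"2025-01-01T10:00:05Z","event":"user_created","src":"10.0.0.9",'
    '"parameters":["first_name","email","password","role"]}',
    '{"ts":"2025-01-01T10:00:07Z","event":"user_created","src":"10.0.0.9",'
    '"parameters":["email","password","permissions"]}',
    '{"ts":"2025-01-01T10:00:09Z","event":"user_created","src":"10.0.0.9",'
    '"parameters":["email","password","is_admin"]}',
    '{"ts":"2025-01-01T10:05:00Z","event":"login","src":"10.0.0.5",'
    '"parameters":["email","password"]}',
]


def parse_line(line):
    """Parse one JSON log line and convert its timestamp to a datetime."""
    rec = json.loads(line)
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def suspicious_parameters(params):
    """Return parameter names that match the SIEM substrings or fall
    outside the standard form's allowlist (sorted for stable output)."""
    hits = set()
    for p in params:
        name = p.lower()
        if any(s in name for s in SUSPICIOUS_SUBSTRINGS) or name not in STANDARD_FIELDS:
            hits.add(p)
    return sorted(hits)


def analyze(lines):
    """Run both detections over log lines.

    Returns {'unexpected_fields': [finding, ...], 'bursts': [src, ...]}.
    """
    created = [e for e in (parse_line(l) for l in lines) if e["event"] == "user_created"]

    findings = []
    for e in created:
        bad = suspicious_parameters(e["parameters"])
        if bad:
            findings.append({"ts": e["ts"].isoformat(), "src": e["src"], "fields": bad})

    # Sliding-window burst detection per source address.
    by_src = defaultdict(list)
    for e in created:
        by_src[e["src"]].append(e["ts"])
    bursts = set()
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                bursts.add(src)
    return {"unexpected_fields": findings, "bursts": sorted(bursts)}


if __name__ == "__main__":
    for f in analyze(LOG_LINES)["unexpected_fields"]:
        print(f"{f['ts']} {f['src']} unexpected fields: {f['fields']}")
    print("burst sources:", analyze(LOG_LINES)["bursts"])
```

The allowlist rule matters more than the substring rule: a field named `is_admin` is caught by both, but a renamed or vendor-specific privileged attribute would slip past the SIEM query's three substrings while still failing the allowlist check, and the allowlist is the same set the hardened handler should enforce, so the two stay in step.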