cvedb.io
CVE-2025-48474
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2025-05-29T16:15:41.273 · Last modified 2026-06-17T09:29:40.753

Summary

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have access, thereby bypassing the restriction on viewing conversations. This issue has been patched in version 1.8.180.

Affected products

freescout — freescout

Does this affect you?

Add your gear to cvedb and we'll alert you only when freescout ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.