CVE-2025-48474
HIGH 8.1
Description
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have access, thereby bypassing the restriction on viewing conversations. This issue has been patched in version 1.8.180.
CVE Details
CVSS v3.1 score: 8.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 5/29/2025
Last modified: 7/2/2025
Source: nvd
Honeypot sightings: 0
Affected products
freescout:freescout
Weaknesses (CWE)
CWE-863
References
https://github.com/freescout-help-desk/freescout/commit/87cdb65d6b632b5292bcac2d7a209f6e36ae51d7 (security-advisories@github.com)
https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-9wc4-vchw-mr3m (security-advisories@github.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.