CVE-2025-48477 Information

Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180 the application’s logic requires the user to perform a correct sequence of actions to implement a functional capability but the application allows access to the functional capability without correctly completing one or more actions in the sequence. The leaves the attributes of Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180.

Reference

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-2c82-qx7x-35h8