
CVE-2025-48472: CWE-863: Incorrect Authorization in freescout-help-desk freescout

Severity: Medium
Tags: Vulnerability, CVE-2025-48472, CWE-863
Published: Thu May 29 2025 (05/29/2025, 15:18:58 UTC)
Source: CVE Database V5
Vendor/Project: freescout-help-desk
Product: freescout

Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that a user disabling notifications for a mailbox already has access to that mailbox. Moreover, the code explicitly implements behaviour whereby, if the user does not have access to the mailbox, disabling (or enabling) notifications for that mailbox grants the user access to it. This issue has been patched in version 1.8.179.

AI-Powered Analysis

Last updated: 07/07/2025, 23:13:13 UTC

Technical Analysis

CVE-2025-48472 is a medium-severity vulnerability classified under CWE-863 (Incorrect Authorization) affecting FreeScout, a free self-hosted help desk and shared mailbox application. The vulnerability exists in versions prior to 1.8.179. The core issue is an authorization logic flaw related to the management of mailbox notifications. Specifically, the application fails to verify whether a user disabling notifications for a mailbox already has access to that mailbox. More critically, the flawed implementation inadvertently grants users access to mailboxes for which they previously lacked permissions when they disable or enable notifications for those mailboxes. This means an unauthorized user can escalate their privileges by manipulating notification settings, thereby gaining unauthorized access to potentially sensitive mailbox data. The vulnerability is remotely exploitable without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The impact on confidentiality and integrity is low to moderate, as unauthorized mailbox access could expose sensitive communications or allow data manipulation. Availability and system control are not affected. The issue was patched in FreeScout version 1.8.179, which corrects the authorization checks to prevent unauthorized access through notification settings. There are no known exploits in the wild at the time of publication, but the vulnerability's nature and ease of exploitation make it a significant risk for organizations using vulnerable versions of FreeScout.

Potential Impact

For European organizations using FreeScout versions prior to 1.8.179, this vulnerability poses a risk of unauthorized access to mailbox data, potentially exposing sensitive customer support communications, internal correspondence, or confidential information handled through the help desk system. This could lead to data breaches, loss of customer trust, and regulatory compliance issues under GDPR, especially if personal data is exposed. The unauthorized access could also allow attackers to manipulate or delete support tickets, disrupting service operations and impacting business continuity. Since FreeScout is often used by small to medium enterprises and public sector entities for managing customer support, the impact could be significant in sectors handling sensitive or regulated data, such as healthcare, finance, and government services. The vulnerability's remote exploitability without authentication increases the risk of external attackers compromising systems without insider access. However, the lack of known active exploits and the medium severity rating suggest the impact is serious but not critical, provided timely patching is applied.

Mitigation Recommendations

European organizations should immediately verify their FreeScout deployment version and upgrade to version 1.8.179 or later to remediate this vulnerability. If immediate upgrading is not feasible, organizations should implement strict network access controls to limit exposure of the FreeScout application to trusted internal networks only, reducing the risk of remote exploitation. Additionally, review and audit mailbox access permissions and notification settings to detect any unauthorized changes or suspicious activity. Implement monitoring and alerting on configuration changes within FreeScout to quickly identify potential exploitation attempts. Organizations should also conduct user training to raise awareness about the risks of unauthorized mailbox access and encourage reporting of anomalies. Finally, ensure that backups of mailbox data and support tickets are regularly performed and securely stored to enable recovery in case of data manipulation or loss.
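As an added illustration of the flaw described above and of the access audit the mitigation section recommends (this is not FreeScout's code: the HelpDesk model, its tuple-based access table and the user and mailbox ids are constructed for the example), a Python model of the vulnerable handler, its hardened form and a baseline audit:

```python
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when a caller acts on a mailbox they are not assigned to."""


@dataclass
class HelpDesk:
    # Constructed model, not FreeScout's schema: (user_id, mailbox_id) pairs
    # grant access; notification settings are keyed the same way.
    access: set[tuple[int, int]] = field(default_factory=set)
    notifications: dict[tuple[int, int], bool] = field(default_factory=dict)

    def has_access(self, user_id: int, mailbox_id: int) -> bool:
        return (user_id, mailbox_id) in self.access

    def set_notifications_vulnerable(self, user_id, mailbox_id, enabled):
        # Pre-1.8.179 behaviour as the advisory describes it: no check that the
        # caller already has access, and a missing access row is created as a
        # side effect of saving the setting. That side effect is the grant.
        if not self.has_access(user_id, mailbox_id):
            self.access.add((user_id, mailbox_id))
        self.notifications[(user_id, mailbox_id)] = enabled

    def set_notifications_fixed(self, user_id, mailbox_id, enabled):
        # Hardened handler: authorise against existing access first and never
        # create access as a side effect of a settings change.
        if not self.has_access(user_id, mailbox_id):
            raise Forbidden(f"user {user_id} not assigned to mailbox {mailbox_id}")
        self.notifications[(user_id, mailbox_id)] = enabled


def audit_access(desk: HelpDesk, approved: set[tuple[int, int]]) -> set[tuple[int, int]]:
    # Assignments present in the system but absent from the approved baseline;
    # each is a grant to investigate (the audit the mitigation section asks for).
    return desk.access - approved


def demo() -> tuple[bool, bool, set[tuple[int, int]]]:
    # User 2 starts with no access to mailbox 7 and turns notifications off.
    # Returns (access after vulnerable handler, after fixed handler, audit hits).
    approved = {(1, 7)}                     # constructed baseline: only user 1
    vuln = HelpDesk(access=set(approved))
    vuln.set_notifications_vulnerable(2, 7, False)
    fixed = HelpDesk(access=set(approved))
    try:
        fixed.set_notifications_fixed(2, 7, False)
    except Forbidden:
        pass
    return vuln.has_access(2, 7), fixed.has_access(2, 7), audit_access(vuln, approved)
```

In a real deployment the approved baseline would come from your provisioning records, and any assignment the audit flags should be reviewed before the mailbox is trusted again.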


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-22T12:11:39.118Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68387d4e182aa0cae2831691

Added to database: 5/29/2025, 3:29:18 PM

Last enriched: 7/7/2025, 11:13:13 PM

Last updated: 7/7/2025, 11:13:13 PM
