
CVE-2025-48476: CWE-841: Improper Enforcement of Behavioral Workflow in freescout-help-desk freescout

Severity: High
Tags: Vulnerability, CVE-2025-48476, CWE-841
Published: Fri May 30 2025 (05/30/2025, 04:30:09 UTC)
Source: CVE Database V5
Vendor/Project: freescout-help-desk
Product: freescout

Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the system can change their password, and then log in to the system using the set password. This issue has been patched in version 1.8.180.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 20:44:01 UTC

Technical Analysis

CVE-2025-48476 is a high-severity vulnerability affecting FreeScout, a free, self-hosted help desk and shared mailbox application. The flaw exists in versions prior to 1.8.180 and is classified under CWE-841, which pertains to improper enforcement of behavioral workflow. Specifically, the vulnerability arises from the use of the fill() method when adding or editing user records. This method fails to verify the absence of the password field in user-supplied data, leading to a mass-assignment vulnerability. Consequently, any user with permission to edit other users' profiles can manipulate the password field to reset another user's password without proper authorization. This enables the attacker to log in as the targeted user, potentially gaining unauthorized access to sensitive help desk data and functionalities. The vulnerability does not require user interaction and can be exploited remotely over the network with low attack complexity, given the attacker already has limited privileges (permission to edit users). The issue has been addressed and patched in FreeScout version 1.8.180. The CVSS 4.0 base score is 7.1, reflecting a high severity due to network attack vector, no user interaction, and the ability to compromise confidentiality and integrity with low privileges.
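To make the mass-assignment mechanism concrete, the following is an added example written for this page; it is not FreeScout's code and does not depend on Laravel. It uses a small stand-in for an Eloquent-style model whose fill() copies every key listed in a hypothetical FILLABLE array, then contrasts the vulnerable pattern (request input forwarded to fill() unchanged) with the hardened one (the password key stripped before fill(), so only a separate, explicitly authorised path can set it). The class, function and attribute names and the request payload are all constructed for the demonstration.

```php
<?php
// Added example, not FreeScout's code: a minimal stand-in for an Eloquent-style
// model showing why forwarding raw request input to fill() lets a caller who may
// edit a user record also overwrite that user's password.
declare(strict_types=1);

final class UserModel
{
    // Keys that fill() is allowed to set; mirrors Eloquent's $fillable.
    // Hypothetical list, not the real FreeScout model definition.
    private const FILLABLE = ['first_name', 'last_name', 'email', 'role', 'password'];

    private array $attributes;

    public function __construct(array $attributes)
    {
        $this->attributes = $attributes;
    }

    // Simplified fill(): copies every fillable key that is present in $input.
    // The caller decides what is in $input, which is the whole problem.
    public function fill(array $input): void
    {
        foreach ($input as $key => $value) {
            if (in_array($key, self::FILLABLE, true)) {
                $this->attributes[$key] = $value;
            }
        }
    }

    public function get(string $key)
    {
        return $this->attributes[$key] ?? null;
    }
}

// Vulnerable pattern: whatever the request carried reaches fill(), including
// a password field the editing user should not be able to set.
function updateUserVulnerable(UserModel $user, array $requestInput): void
{
    $user->fill($requestInput);
}

// Hardened pattern: drop the password key before fill(). In Laravel this is
// $request->except('password'); password changes then go through a dedicated
// handler with its own authorisation check (not shown here).
function updateUserHardened(UserModel $user, array $requestInput): void
{
    unset($requestInput['password']);
    $user->fill($requestInput);
}

// Constructed request payload: a legitimate name edit with an extra password
// field smuggled alongside it.
$payload = [
    'first_name' => 'Alice',
    'password'   => password_hash('caller-chosen-value', PASSWORD_DEFAULT),
];

$originalHash = password_hash('original-secret', PASSWORD_DEFAULT);

$victim = new UserModel(['email' => 'alice@example.invalid', 'password' => $originalHash]);
updateUserVulnerable($victim, $payload);
printf("vulnerable fill(): password changed = %s\n",
    $victim->get('password') !== $originalHash ? 'yes' : 'no');

$victim = new UserModel(['email' => 'alice@example.invalid', 'password' => $originalHash]);
updateUserHardened($victim, $payload);
printf("hardened fill():   password changed = %s, first_name = %s\n",
    $victim->get('password') !== $originalHash ? 'yes' : 'no',
    $victim->get('first_name'));
```

Run it with `php example.php`. The first line reports that the password was overwritten, the second that the name edit went through while the password stayed intact. The same effect can be reached by removing `password` from the model's fillable list (or adding it to `$guarded`), but stripping it at the controller boundary keeps the rule next to the code that decides who may change what.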

Potential Impact

For European organizations using FreeScout as their help desk or shared mailbox solution, this vulnerability poses a significant risk. Exploitation allows an attacker with limited user privileges to escalate their access by changing other users' passwords, potentially including administrative accounts. This can lead to unauthorized access to sensitive customer support data, internal communications, and operational workflows. The compromise of help desk systems can facilitate further lateral movement within the organization, data exfiltration, or disruption of customer support services. Given the critical role help desk platforms play in managing incident response and customer interactions, such an attack can degrade organizational trust and operational continuity. Additionally, unauthorized access to user accounts may violate GDPR requirements concerning data protection and access controls, exposing organizations to regulatory penalties and reputational damage.

Mitigation Recommendations

European organizations should immediately verify their FreeScout version and upgrade to version 1.8.180 or later, where the vulnerability is patched. Until the upgrade is applied, restrict user permissions to the minimum necessary, specifically limiting the ability to edit other users' profiles to trusted administrators only. Implement monitoring and alerting on user account modifications, especially password changes initiated by other users, to detect potential exploitation attempts. Employ multi-factor authentication (MFA) for all user accounts to reduce the impact of compromised credentials. Conduct regular audits of user permissions and access logs to identify anomalous activities. Additionally, consider network segmentation to isolate the FreeScout server from broader internal networks, limiting potential lateral movement if compromised. Finally, educate administrators and users about the risks of privilege misuse and enforce strict change management policies for user account modifications.


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-22T12:11:39.118Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 683937b2182aa0cae29e5f8a

Added to database: 5/30/2025, 4:44:34 AM

Last enriched: 7/7/2025, 8:44:01 PM

Last updated: 8/11/2025, 10:57:18 PM

