CVE-2025-48476: CWE-841: Improper Enforcement of Behavioral Workflow in freescout-help-desk freescout
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill() method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result, a user with the right to edit other users of the system can change their password, and then log in to the system using the set password. This issue has been patched in version 1.8.180.
AI Analysis
Technical Summary
CVE-2025-48476 is a high-severity vulnerability affecting FreeScout, a free, self-hosted help desk and shared mailbox application. The flaw exists in versions prior to 1.8.180 and is classified under CWE-841, which pertains to improper enforcement of behavioral workflow. Specifically, the vulnerability arises from the use of the fill() method when adding or editing user records. This method fails to verify the absence of the password field in user-supplied data, leading to a mass-assignment vulnerability. Consequently, any user with permission to edit other users' profiles can manipulate the password field to reset another user's password without proper authorization. This enables the attacker to log in as the targeted user, potentially gaining unauthorized access to sensitive help desk data and functionalities. The vulnerability does not require user interaction and can be exploited remotely over the network with low attack complexity, given the attacker already has limited privileges (permission to edit users). The issue has been addressed and patched in FreeScout version 1.8.180. The CVSS 4.0 base score is 7.1, reflecting a high severity due to network attack vector, no user interaction, and the ability to compromise confidentiality and integrity with low privileges.
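The mass-assignment pattern described above, as an added illustration that is not FreeScout's code: a simplified stand-in for an ORM `fill()` that writes every submitted key (the pre-fix behaviour), next to a hardened version that mass-assigns only an explicit allow-list and records any attempt to submit a `password` key through the edit-user workflow. The `User` model, the `FILLABLE` set and the hashing stand-in are assumptions made for this example.

```python
from dataclasses import dataclass

# Assumed allow-list of attributes the "edit user" form is meant to update.
FILLABLE = {"first_name", "last_name", "email", "role"}

@dataclass
class User:
    id: int
    email: str
    role: str = "user"
    password_hash: str = "hash-of-original"  # stand-in for a real hash
    first_name: str = ""
    last_name: str = ""

def fill_vulnerable(user: User, data: dict) -> User:
    """Pre-fix behaviour: every key in the request body is written to the
    model, so a 'password' key submitted by the editing user silently
    replaces the edited user's credential."""
    for key, value in data.items():
        if key == "password":
            user.password_hash = "hash-of-" + value  # stand-in for hashing
        else:
            setattr(user, key, value)
    return user

def fill_hardened(user: User, data: dict, actor: User) -> tuple[User, list[str]]:
    """Fixed behaviour: only allow-listed keys are mass-assigned, and a
    'password' key in this workflow is dropped and written to an audit
    trail so defenders can alert on it."""
    audit = []
    if "password" in data:
        audit.append(f"rejected password field on user {user.id} "
                     f"submitted by user {actor.id}")
    for key in FILLABLE & data.keys():
        setattr(user, key, data[key])
    return user, audit

if __name__ == "__main__":
    admin = User(id=1, email="admin@example.test", role="admin")
    body = {"email": "agent@example.test", "password": "chosen-by-editor"}
    print(fill_vulnerable(User(id=2, email="agent@example.test"), body))
    print(fill_hardened(User(id=2, email="agent@example.test"), body, admin))
```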
Potential Impact
For European organizations using FreeScout as their help desk or shared mailbox solution, this vulnerability poses a significant risk. Exploitation allows an attacker with limited user privileges to escalate their access by changing other users' passwords, potentially including administrative accounts. This can lead to unauthorized access to sensitive customer support data, internal communications, and operational workflows. The compromise of help desk systems can facilitate further lateral movement within the organization, data exfiltration, or disruption of customer support services. Given the critical role help desk platforms play in managing incident response and customer interactions, such an attack can degrade organizational trust and operational continuity. Additionally, unauthorized access to user accounts may violate GDPR requirements concerning data protection and access controls, exposing organizations to regulatory penalties and reputational damage.
Mitigation Recommendations
European organizations should immediately verify their FreeScout version and upgrade to version 1.8.180 or later, where the vulnerability is patched. Until the upgrade is applied, restrict user permissions to the minimum necessary, specifically limiting the ability to edit other users' profiles to trusted administrators only. Implement monitoring and alerting on user account modifications, especially password changes initiated by other users, to detect potential exploitation attempts. Employ multi-factor authentication (MFA) for all user accounts to reduce the impact of compromised credentials. Conduct regular audits of user permissions and access logs to identify anomalous activities. Additionally, consider network segmentation to isolate the FreeScout server from broader internal networks, limiting potential lateral movement if compromised. Finally, educate administrators and users about the risks of privilege misuse and enforce strict change management policies for user account modifications.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-05-22T12:11:39.118Z
- CVSS Version: 4.0
- State: PUBLISHED
Added to database: 5/30/2025, 4:44:34 AM
Last enriched: 7/7/2025, 8:44:01 PM
Last updated: 8/11/2025, 10:57:18 PM