CVE-2025-48477: CWE-841: Improper Enforcement of Behavioral Workflow in freescout-help-desk freescout

High
Type: Vulnerability | Tags: CVE-2025-48477, CWE-841
Published: Fri May 30 2025 (05/30/2025, 04:31:42 UTC)
Source: CVE Database V5
Vendor/Project: freescout-help-desk
Product: freescout

Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application's logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. This leaves the attributes of the Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180.

AI-Powered Analysis

AI analysis last updated: 07/07/2025, 20:44:29 UTC

Technical Analysis

CVE-2025-48477 is a high-severity vulnerability affecting FreeScout, a free self-hosted help desk and shared mailbox application. The vulnerability stems from improper enforcement of behavioral workflow (CWE-841) in versions prior to 1.8.180. Specifically, the application logic requires users to perform a correct sequence of actions to enable certain functional capabilities. However, due to this flaw, FreeScout allows access to these capabilities without requiring the user to complete all necessary preceding steps. This bypass enables unauthorized modification of the Mailbox object's attributes via the fill method. The vulnerability requires no user interaction and can be exploited remotely over the network with low attack complexity, needing only the privileges of a logged-in user (PR:L). The vulnerability impacts confidentiality significantly (VC:H), with limited impact on integrity (VI:L) and no impact on availability (VA:N). The scope is unchanged, meaning the vulnerability affects only the vulnerable component. This flaw has been addressed and patched in FreeScout version 1.8.180. No known exploits are currently reported in the wild.
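To make the mechanism concrete, here is an added illustration (not FreeScout's code) of why an unrestricted fill defeats a step-by-step workflow and how a per-step allowlist closes the gap; the Mailbox attributes, workflow step names and request payload are all constructed for this example.

```php
<?php
// Added illustration, not FreeScout code: a minimal Mailbox model whose fill()
// mimics Eloquent-style mass assignment. Attribute and step names are hypothetical.
class Mailbox
{
    public array $attributes = [
        'name' => 'Support', 'email' => 'support@example.test',
        'out_method' => 'smtp', 'auto_reply_enabled' => false,
    ];

    // Weak pattern: every key in the payload becomes an attribute write, so a
    // request can touch attributes the current workflow step never meant to expose.
    public function fillUnrestricted(array $input): void
    {
        foreach ($input as $key => $value) {
            $this->attributes[$key] = $value;
        }
    }

    // Hardened pattern: each workflow step declares the attributes it may set;
    // everything else in the payload is dropped and returned for monitoring.
    private const STEP_ALLOWLIST = [
        'rename'  => ['name'],
        'sending' => ['out_method'],
    ];

    public function fillForStep(string $step, array $input): array
    {
        $allowed  = array_flip(self::STEP_ALLOWLIST[$step] ?? []);
        foreach (array_intersect_key($input, $allowed) as $key => $value) {
            $this->attributes[$key] = $value;
        }
        // Keys outside the step's allowlist: log these as workflow bypass attempts.
        return array_keys(array_diff_key($input, $allowed));
    }
}

// Constructed payload for the "rename" step that also carries keys from other steps.
$payload = ['name' => 'Billing', 'out_method' => 'mail', 'auto_reply_enabled' => true];

$weak = new Mailbox();
$weak->fillUnrestricted($payload);           // all three attributes are overwritten
var_dump($weak->attributes['auto_reply_enabled']);

$safe = new Mailbox();
$rejected = $safe->fillForStep('rename', $payload);   // only 'name' is written
var_dump($safe->attributes['auto_reply_enabled']);
print_r($rejected);                          // the keys worth alerting on
```

The returned list of rejected keys is what the monitoring recommended below should record, since a payload that repeatedly carries attributes outside the current step is the signature of a workflow bypass attempt.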

Potential Impact

For European organizations using FreeScout versions prior to 1.8.180, this vulnerability poses a significant risk to the confidentiality of mailbox data. Attackers with valid user credentials but without elevated privileges can exploit this flaw to manipulate mailbox attributes improperly, potentially leading to unauthorized access or data leakage within the help desk environment. This can compromise sensitive customer support information, internal communications, and potentially expose personal data protected under GDPR. The integrity impact is limited but could still affect the accuracy of mailbox configurations or workflow processes, disrupting normal operations. Since FreeScout is often used by small to medium enterprises and public sector organizations for customer support, exploitation could undermine trust and operational efficiency. Because no user interaction is required and the attack complexity is low, the risk of automated or targeted attacks is higher. However, the absence of known exploits in the wild suggests limited active exploitation currently.

Mitigation Recommendations

European organizations should immediately verify their FreeScout deployment version and upgrade to version 1.8.180 or later, where this vulnerability is patched. If upgrading is not immediately feasible, organizations should restrict access to FreeScout instances to trusted networks and enforce strict authentication and authorization controls to limit user privileges. Implement monitoring and alerting for unusual mailbox attribute changes or workflow bypass attempts. Conduct regular audits of user permissions and mailbox configurations to detect unauthorized modifications. Additionally, consider deploying Web Application Firewalls (WAFs) with custom rules to detect and block anomalous API calls related to mailbox attribute changes. Organizations should also educate administrators and users about the importance of applying security updates promptly and maintaining secure operational procedures around help desk software.

Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-05-22T12:11:39.118Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 683937b2182aa0cae29e5f8c

Added to database: 5/30/2025, 4:44:34 AM

Last enriched: 7/7/2025, 8:44:29 PM

Last updated: 7/30/2025, 4:11:01 PM
