CVE-2025-48479 is a high-severity vulnerability affecting FreeScout, a free self-hosted help desk and shared mailbox software. The vulnerability arises from improper enforcement of behavioral workflow (CWE-841) in the laravel-translation-manager package used by FreeScout versions prior to 1.8.180. Specifically, the package fails to correctly validate user input, which allows an attacker with sufficient access rights (high privileges) to delete arbitrary directories on the server hosting FreeScout. This deletion capability can severely impact the availability and integrity of the system by removing critical files or directories, potentially disrupting service or causing data loss. The vulnerability does not require user interaction and can be exploited remotely over the network without authentication, assuming the attacker has high privileges within the system. The CVSS 4.0 base score is 8.5, reflecting the high impact on confidentiality, integrity, and availability, combined with the ease of exploitation due to lack of authentication and user interaction requirements. The issue has been addressed in FreeScout version 1.8.180, where proper input validation has been implemented to prevent arbitrary directory deletion. No known exploits are currently reported in the wild, but the severity and nature of the vulnerability make it a critical concern for organizations using vulnerable versions of FreeScout.

For European organizations, this vulnerability poses a significant risk especially for those relying on FreeScout for customer support and internal ticketing systems. Exploitation could lead to deletion of important directories, resulting in service outages, loss of critical data, and disruption of business operations. This could affect confidentiality if sensitive data is deleted or corrupted, integrity due to unauthorized modification of system files, and availability by causing denial of service. Organizations in sectors such as finance, healthcare, and public administration, which often use help desk solutions to manage sensitive information and ensure operational continuity, may face regulatory and reputational damage if impacted. Additionally, the lack of known exploits does not preclude targeted attacks, especially from insiders or attackers who have gained elevated privileges. The vulnerability’s presence in a widely used open-source help desk platform increases the attack surface for European SMEs and enterprises that self-host FreeScout.

European organizations should immediately verify their FreeScout version and upgrade to version 1.8.180 or later where the vulnerability is patched. If immediate upgrade is not feasible, restrict access to the FreeScout instance to trusted administrators only, minimizing the risk of privilege escalation or misuse. Implement strict access controls and monitor user activities for suspicious behavior, especially any attempts to manipulate translation management features. Regularly back up FreeScout data and configuration to enable recovery in case of directory deletion. Conduct security audits on all third-party packages integrated with FreeScout to identify similar input validation issues. Additionally, consider deploying application-layer firewalls or runtime application self-protection (RASP) tools to detect and block malicious input patterns targeting directory deletion. Finally, maintain awareness of updates from FreeScout and related packages to promptly apply future security patches.