CVE-2025-48487 is a cross-site scripting (XSS) vulnerability identified in FreeScout, a free self-hosted help desk and shared mailbox software. The vulnerability exists in versions prior to 1.8.180. Specifically, the flaw arises when creating translations of phrases that appear in flash messages after completed actions. Improper neutralization of input during web page generation allows an attacker to inject malicious scripts into these flash messages. When a user views the affected flash message, the injected script executes in the context of the user's browser, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The CVSS 4.0 base score is 6.0 (medium severity), reflecting network attack vector, low attack complexity, no privileges required but user interaction needed, and high scope impact due to the vulnerability affecting components beyond the initially vulnerable code. No known exploits are currently reported in the wild, and the issue has been patched in version 1.8.180 of FreeScout. The vulnerability is classified under CWE-79, which covers improper neutralization of input leading to XSS attacks. This vulnerability is particularly relevant for organizations self-hosting FreeScout instances, as it can be exploited remotely via crafted inputs in translation phrases, potentially compromising user sessions and data confidentiality.

For European organizations using FreeScout for help desk and mailbox management, this vulnerability poses a risk of unauthorized script execution within the context of authenticated users. Successful exploitation could lead to theft of session cookies, enabling attackers to impersonate users, access sensitive support tickets, or manipulate help desk workflows. This could result in data breaches involving customer information, internal communications, or confidential support data. The impact on integrity and confidentiality is significant, especially in sectors handling sensitive personal or corporate data, such as finance, healthcare, and government agencies. Additionally, the availability of the help desk service could be indirectly affected if attackers leverage the vulnerability to disrupt operations or escalate privileges. Given the medium severity and requirement for user interaction, the threat is moderate but should not be underestimated, particularly in environments with high user trust and sensitive data.

European organizations should immediately upgrade FreeScout installations to version 1.8.180 or later, where the vulnerability is patched. Until upgrading, administrators should restrict access to translation management interfaces to trusted personnel only and implement strict input validation and sanitization on any user-supplied content related to translations or flash messages. Employing Content Security Policy (CSP) headers can help mitigate the impact of XSS by restricting script execution sources. Regularly audit and monitor logs for unusual activities related to flash message generation or translation inputs. Additionally, educate users about the risks of interacting with unexpected or suspicious flash messages. Network-level protections such as web application firewalls (WAFs) can be configured to detect and block common XSS payloads targeting FreeScout. Finally, implement multi-factor authentication (MFA) for user accounts to reduce the risk of session hijacking consequences.