CVE-2025-48488 is a medium-severity Cross-Site Scripting (XSS) vulnerability affecting FreeScout, a free self-hosted help desk and shared mailbox software. The vulnerability exists in versions prior to 1.8.180 and arises when the .htaccess file is deleted from the server. This deletion enables an attacker to upload an HTML file containing malicious JavaScript code. Because FreeScout improperly neutralizes input during web page generation (CWE-79), the malicious script can be executed in the context of the victim's browser. The vulnerability requires low attack complexity (AC:L), but partial privileges (PR:L) and user interaction (UI:P) are needed, as indicated by the CVSS vector. The vulnerability does not affect confidentiality, integrity, or availability directly but can lead to session hijacking, credential theft, or unauthorized actions performed by the victim user. The issue has been patched in version 1.8.180, and no known exploits are currently in the wild. The vulnerability is significant because FreeScout is often deployed in organizational environments to manage customer support and internal help desk functions, making it a potential vector for attackers to compromise user sessions or escalate privileges through social engineering or phishing attacks leveraging the XSS flaw.

For European organizations using FreeScout versions prior to 1.8.180, this vulnerability poses a risk of client-side code injection leading to session hijacking, theft of sensitive information, or unauthorized actions performed on behalf of legitimate users. Since FreeScout is self-hosted, organizations with less mature IT security practices or insufficient patch management may be particularly vulnerable. The impact is heightened in sectors where help desk systems handle sensitive customer or internal data, such as finance, healthcare, and government agencies. Exploitation could undermine user trust and lead to data breaches or compliance violations under GDPR if personal data is compromised. Additionally, attackers could leverage this XSS vulnerability as a foothold for further attacks within the network, especially if the help desk system integrates with other internal tools.

European organizations should immediately verify their FreeScout version and upgrade to version 1.8.180 or later to apply the official patch. Additionally, ensure that the .htaccess file is present and correctly configured to prevent unauthorized file uploads. Implement strict file upload validation and sanitization on the server side to block malicious HTML or script files. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers accessing the help desk portal. Regularly audit and monitor web server directories for unexpected file deletions or uploads. Educate users about the risks of interacting with suspicious links or files, as user interaction is required for exploitation. Finally, integrate FreeScout patch management into the organization's broader vulnerability management program to ensure timely updates.