CVE-2025-48481

Exploit

EPSS 0.05%
Veröffentlicht 30.05.2025 04:35:03
Zuletzt bearbeitet 04.06.2025 15:35:47
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invite_hash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link from the email to gain initial access to the account. This issue has been patched in version 1.8.180.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freescout ≫ Freescout Version < 1.8.180

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.145

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	6.1	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-841 Improper Enforcement of Behavioral Workflow

The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence.

https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-jgj2-x749-5wc7

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-48481

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48481

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48481

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-48481