CVE-2025-48880

low-risk
Published 2025-05-30

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is a deleting a user, there is the the possibility of a race condition occurring. This issue has been patched in version 1.8.181.

Do I need to act?

-
0.26% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.6/10 Medium
NETWORK / HIGH complexity

Affected Products (1)

Affected Vendors

Freescout

References (2)

Patch https://github.com/freescout-help-desk/freescout/commit/3f5bb2841f7de3303bc3cb00...
Exploit https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-9vf2-m...
26
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal