CVE-2025-48477

Description

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the applications logic requires the user to perform a correct sequence of actions to implement a functional capability, but the application allows access to the functional capability without correctly completing one or more actions in the sequence. The leaves the attributes of Mailbox object able to be changed by the fill method. This issue has been patched in version 1.8.180.