CVE-2025-48480
LOWDescription
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user, specifying the path to the user's avatar ../.htaccess during creation, and then delete the user's avatar, resulting in the deletion of the file .htaccess in the folder /storage/app/public. This issue has been patched in version 1.8.180.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| freescout | freescout |
References
Frequently Asked Questions
What is CVE-2025-48480? +
How severe is CVE-2025-48480? +
What products are affected by CVE-2025-48480? +
How do I check if I'm vulnerable to CVE-2025-48480? +
Related Vulnerabilities
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1on Windows and Linux allows a malicous …
Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status …
Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful …
Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful …
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the …
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a …