4 matches found
CVE-2025-48481
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...
CVE-2025-48481 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...
CVE-2025-48481
Affected software: FreeScout (PHP/Laravel). Vulnerability: Business logic bypass allowing an attacker with an unactivated email invitation containing an invite_hash to self-activate a blocked or deleted account by using the invitation link, gaining initial access. Root cause / details: Described ...
PT-2025-23247 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue allows an attacker with an unactivated email invitation containing the invite hash to self-activate their account, even if it is blocked or deleted. This is achieved by leveraging the...