{"id":"CVE-2025-48480","summary":"FreeScout Has Business Logic Errors","details":"FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user while specifying ../.htaccess as the path to the user's avatar, and then delete that user's avatar, which deletes the file .htaccess in the folder /storage/app/public. This issue has been patched in version 1.8.180.","aliases":["GHSA-pfjf-43mp-3gp2"],"modified":"2025-12-05T10:18:12.528395Z","published":"2025-05-30T04:34:34.040Z","database_specific":{"cwe_ids":["CWE-841"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48480.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/48xxx/CVE-2025-48480.json"},{"type":"ADVISORY","url":"https://github.com/freescout-help-desk/freescout/security/advisories/GHSA-pfjf-43mp-3gp2"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48480"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freescout-help-desk/freescout","events":[{"introduced":"0"},{"fixed":"9879e29c2054e842143620f40bac0eabf44c8054"}]}],"versions":["1.0.0","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.0","1.1.1","1.1.10","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.1.7","1.1.8","1.1.9","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.3.0","1.3.1","1.3.10","1.3.11","1.3.12","1.3.13","1.3.14","1.3.15","1.3.16","1.3.17","1.3.18","1.3.19","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.4.0","1.4.1","1.4.10","1.4.11","1.4.12","1.4.2","1.4.3","1.4.4","1.4.6","1.4.7","1.4.8","1.4.9","1.5.0","1.5.1","1.5.10","1.5.11","1.5.12","1.5.13","1.5.14","1.5.15","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.5.9","1.6.0","1.6.1","1.6.10","1.6.11","1.6.12","1.6.13","1.
6.14","1.6.15","1.6.16","1.6.17","1.6.18","1.6.19","1.6.2","1.6.20","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.10","1.7.11","1.7.12","1.7.13","1.7.14","1.7.15","1.7.16","1.7.17","1.7.18","1.7.19","1.7.2","1.7.20","1.7.21","1.7.22","1.7.23","1.7.24","1.7.25","1.7.26","1.7.27","1.7.28","1.7.29","1.7.3","1.7.30","1.7.4","1.7.5","1.7.6","1.7.7","1.7.9","1.8.0","1.8.1","1.8.10","1.8.100","1.8.101","1.8.102","1.8.103","1.8.104","1.8.105","1.8.106","1.8.107","1.8.108","1.8.109","1.8.11","1.8.110","1.8.111","1.8.112","1.8.113","1.8.114","1.8.115","1.8.116","1.8.117","1.8.118","1.8.119","1.8.12","1.8.120","1.8.121","1.8.122","1.8.123","1.8.124","1.8.125","1.8.126","1.8.127","1.8.128","1.8.129","1.8.13","1.8.130","1.8.131","1.8.132","1.8.133","1.8.134","1.8.135","1.8.136","1.8.137","1.8.138","1.8.139","1.8.14","1.8.140","1.8.141","1.8.142","1.8.143","1.8.144","1.8.145","1.8.146","1.8.147","1.8.148","1.8.149","1.8.15","1.8.150","1.8.151","1.8.152","1.8.153","1.8.154","1.8.155","1.8.156","1.8.157","1.8.158","1.8.159","1.8.16","1.8.160","1.8.161","1.8.162","1.8.163","1.8.164","1.8.165","1.8.166","1.8.167","1.8.168","1.8.169","1.8.17","1.8.170","1.8.171","1.8.172","1.8.173","1.8.174","1.8.175","1.8.176","1.8.177","1.8.178","1.8.179","1.8.18","1.8.19","1.8.2","1.8.20","1.8.21","1.8.22","1.8.23","1.8.24","1.8.25","1.8.26","1.8.27","1.8.28","1.8.29","1.8.3","1.8.30","1.8.31","1.8.32","1.8.33","1.8.34","1.8.35","1.8.36","1.8.37","1.8.38","1.8.39","1.8.4","1.8.40","1.8.41","1.8.42","1.8.43","1.8.44","1.8.45","1.8.46","1.8.47","1.8.48","1.8.49","1.8.5","1.8.50","1.8.51","1.8.52","1.8.53","1.8.54","1.8.55","1.8.56","1.8.57","1.8.58","1.8.59","1.8.6","1.8.60","1.8.61","1.8.62","1.8.63","1.8.65","1.8.66","1.8.67","1.8.68","1.8.69","1.8.7","1.8.70","1.8.71","1.8.72","1.8.73","1.8.74","1.8.75","1.8.76","1.8.77","1.8.78","1.8.79","1.8.8","1.8.80","1.8.81","1.8.82","1.8.83","1.8.84","1.8.85","1.8.86","1.8.87","1.8.88","1.8.89","1.8.9","1.8.90","1.8.91","1.8.9
2","1.8.93","1.8.94","1.8.95","1.8.96","1.8.97","1.8.98","1.8.99"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-48480.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"}]}