CVE-2025-47729 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

TeleMessage TM SGNL Hidden Functionality Vulnerability

Exploit added

May 12, 2025

Action due

June 2, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage “End-to-End encryption from the mobile phone through to the corporate archive” documentation, as exploited in the wild in May 2025.

References

https://arstechnica.com/security/2025/05/signal-clone-used-by-trump-official-stops-operations-after-report-it-was-hacked/
https://news.ycombinator.com/item?id=43909220
https://www.theregister.com/2025/05/05/telemessage_investigating/

Weakness Enumeration

CWE-ID	CWE Name
CWE-912	Hidden Functionality

Details

Source:
NVD

Published:
May 8, 2025

Updated:
May 14, 2025

Risk information

CVSS v3

Base score:
1.9

Severity:

LOW

Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

CVSS v2

Not defined