CVE-2025-48927 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

Exploit added

July 1, 2025

Action due

July 22, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

References

https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/

Weakness Enumeration

CWE-ID	CWE Name
CWE-1188	Initialization of a Resource with an Insecure Default

Known Affected Software Configurations

cpe:2.3:a:smarsh:telemessage:-:::::::*

Details

Source:
NVD

Published:
May 28, 2025

Updated:
July 2, 2025

Risk information

CVSS v3

Base score:
5.3

Severity:

MEDIUM

Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2

Not defined