VulnCheck KEV: CVE-2025-48927

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from the use of MD5 for password hashing and could lead to a rainbow table attack...

PT-2025-23114 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the use of MD5 for password hashing, which allows for various attack possibilities, including the use of rainbow tables, with low computational effort. Recommendations: Fo...

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from storing plaintext messages in memory, which could lead to message disclosure...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from an administrative panel that allows an attacker to discover usernames, email addresses, passwords, an...

CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...

PT-2025-23101 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue allows attackers to discover sensitive information, including usernames, e-mail addresses, passwords, and telephone numbers, in the admin panel of the TeleMessage service. This has...

VulnCheck KEV: CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...

CVE-2025-48930

CVE-2025-48930 concerns the TeleMessage service up to 2025-05-05. The issue is that the service stores certain data in memory in cleartext, and this memory content may be accessible to an adversary via various avenues. The primary concrete detail across connected sources is the in-memory storage ...

CVE-2025-48926

CVE-2025-48926 affects the TeleMessage service admin panel (through 2025-05-05). The vulnerability enables an attacker to enumerate sensitive user data including usernames, email addresses, passwords, and telephone numbers via the administrative interface, constituting a high confidentiality impa...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from exposing a heap dump endpoint when configuring Spring Boot Actuator...

VulnCheck KEV: CVE-2025-48929

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from the heap content of a JSP application containing a password sent over HTTP...

VulnCheck KEV: CVE-2025-48928

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dum...

PT-2025-23111 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the TeleMessage service, which is based on a JSP application. In this application, the heap content is similar to a "core dump", where a password previously sent over HTTP...

CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...

CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues...

CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues...

CVE-2025-48928

CVE-2025-48928 affects the TeleMessage service (TeleMessage TM SGNL) running a JSP-based application up to 2025-05-05. The issue is that heap content can resemble a core dump, exposing passwords previously sent over HTTP within that dump. Exploitation was observed in the wild in May 2025. Public ...