PT-2025-23110 · Unknown · Telemessage +1

Name of the Vulnerable Software and Affected Versions: TeleMessage versions through 2025-05-05 TeleMessage TM SGNL affected versions not specified Description: The TeleMessage service configures Spring Boot Actuator with an exposed heap dump endpoint at the /heapdump URI. This vulnerability has...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier that stems from relying on the client to perform MD5 hashing and accept the hash as authentication credentials...

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...

CVE-2025-48927

CVE-2025-48927 concerns TeleMessage service configuring Spring Boot Actuator with an exposed /heapdump endpoint. Connected sources confirm the heapdump exposure stems from Actuator configuration and is implicated by multiple advisories (NVD entry, CISA KEV listing, and related GitHub/GHSA advisor...

VulnCheck KEV: CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues...

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...

CVE-2025-48929

The CVE-2025-48929 affects the TeleMessage service up to 2025-05-05, where authentication relies on a long‑lived credential that can be reused if discovered. This is the stated root cause. Some connected sources indicate this vulnerability has been exploited in the wild (May 2025) and suggest rem...

PT-2025-23113 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the storage of certain cleartext information in memory by the TeleMessage service. This information may be accessible to an adversary through various means. There have bee...

PT-2025-23112 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the implementation of authentication through a long-lived credential in the TeleMessage service, which can be reused if discovered by an adversary. This has been exploited...

CVE-2025-48931

The CVE-2025-48931 entry concerns TeleMessage service passwords hashed with MD5 (through 2025-05-05). Root cause: MD5-based password hashing enabling rainbow-table and related attacks with low computational effort. Impact is implied as password-cryptography weakness; no explicit exploited vector ...

CVE-2025-48925

Summary: The TeleMessage service (through 2025-05-05) relies on a client-side MD5 hashing step (in the TM SGNL app) and accepts the resulting hash as the authentication credential. This design implies that authentication can be performed using a hash generated on the client, effectively tying cre...

DDoSecrets Adds 410GB of TeleMessage Breach Data to Index

DDoSecrets indexes 410GB of breached TeleMessage data, including messages and metadata, from hack tied to unsecured Signal clone used by US government officials...

How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes

The company behind the Signal clone used by at least one Trump administration official was breached earlier this month. The hacker says they got in thanks to a basic misconfiguration...

CISA Adds TeleMessage Vulnerability to KEV List Following Breach

CISA adds TeleMessage flaw to KEV list, urges agencies to act within 3 weeks after a breach exposed…...

TeleMessage TM SGNL Hidden Functionality Vulnerability

TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users...

CVE-2025-47729

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL aka Archive Signal app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as...

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...

CVE-2025-47730

The TeleMessage archiving backend through 2025-05-05 accepts API calls to request an authentication token from the TM SGNL aka Archive Signal app with the credentials of logfile for the user and enRR8UVVywXYbFkqUQDPRkO for the password...