CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side e.g., the TM SGNL app to do MD5 hashing, and then accepts the hash as the authentication credential...

CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities including rainbow tables with low computational effort...

CVE-2025-48927

CVE-2025-48927 concerns TeleMessage service configuring Spring Boot Actuator with an exposed /heapdump endpoint. Connected sources confirm the heapdump exposure stems from Actuator configuration and is implicated by multiple advisories (NVD entry, CISA KEV listing, and related GitHub/GHSA advisor...

VulnCheck KEV: CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues...

CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...

CVE-2025-48929

The CVE-2025-48929 affects the TeleMessage service up to 2025-05-05, where authentication relies on a long‑lived credential that can be reused if discovered. This is the stated root cause. Some connected sources indicate this vulnerability has been exploited in the wild (May 2025) and suggest rem...

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...

PT-2025-23111 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the TeleMessage service, which is based on a JSP application. In this application, the heap content is similar to a "core dump", where a password previously sent over HTTP...

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

CVE-2025-48925

Summary: The TeleMessage service (through 2025-05-05) relies on a client-side MD5 hashing step (in the TM SGNL app) and accepts the resulting hash as the authentication credential. This design implies that authentication can be performed using a hash generated on the client, effectively tying cre...

PT-2025-23112 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the implementation of authentication through a long-lived credential in the TeleMessage service, which can be reused if discovered by an adversary. This has been exploited...

PT-2025-23100 · Unknown · Telemessage

Name of the Vulnerable Software and Affected Versions: TeleMessage service through 2025-05-05 Description: The issue concerns the TeleMessage service relying on client-side MD5 hashing for authentication credentials. This has been exploited in the wild. The service accepts the hash as the...

EUVD-2025-16214

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a “core dump” in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025. Recent assessments: Assessed Attacker Value...

VulnCheck KEV: CVE-2025-48929

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential e.g., not a token with a short expiration time that can be reused at a later date if discovered by an adversary...

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues...

CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers...