CVE-2025-48927
CVE-2025-48927 concerns the TeleMessage service configuring Spring Boot Actuator with an exposed /heapdump endpoint. Connected sources confirm the heapdump exposure stems from Actuator configuration and is implicated by multiple advisories (NVD entry, CISA KEV listing, and related GitHub/GHSA advisor...
CVE-2025-48928
CVE-2025-48928 affects the TeleMessage service (TeleMessage TM SGNL) running a JSP-based application up to 2025-05-05. The issue is that heap content can resemble a core dump, exposing passwords previously sent over HTTP within that dump. Exploitation was observed in the wild in May 2025. Public ...
CVE-2025-47730
The TeleMessage archiving backend (versions through 2025-05-05) is affected by an authentication-side flaw where the API endpoint used to request an authentication token accepts calls from the TM SGNL (Archive Signal) app using hardcoded credentials (user: logfile, password: enRR8UVVywXYbFkqU#QDP...
CVE-2025-48929
CVE-2025-48929 affects the TeleMessage service up to 2025-05-05, where authentication relies on a long‑lived credential that can be reused if discovered. This is the stated root cause. Some connected sources indicate this vulnerability has been exploited in the wild (May 2025) and suggest rem...
CVE-2025-48925
Summary: The TeleMessage service (through 2025-05-05) relies on a client-side MD5 hashing step (in the TM SGNL app) and accepts the resulting hash as the authentication credential. This design implies that authentication can be performed using a hash generated on the client, effectively tying cre...
CVE-2025-48931
The CVE-2025-48931 entry concerns TeleMessage service passwords hashed with MD5 (through 2025-05-05). Root cause: MD5-based password hashing enabling rainbow-table and related attacks with low computational effort. Impact is implied as password-cryptography weakness; no explicit exploited vector ...
CVE-2025-48930
CVE-2025-48930 concerns the TeleMessage service up to 2025-05-05. The issue is that the service stores certain data in memory in cleartext, and this memory content may be accessible to an adversary via various avenues. The primary concrete detail across connected sources is the in-memory storage ...
CVE-2025-48926
CVE-2025-48926 affects the TeleMessage service admin panel (through 2025-05-05). The vulnerability enables an attacker to enumerate sensitive user data including usernames, email addresses, passwords, and telephone numbers via the administrative interface, constituting a high confidentiality impa...