- Description
- The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- CNA Tags
- exclusively-hosted-service
- Products
- text_message_archiver
CVSS 3.1
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- TeleMessage TM SGNL Hidden Functionality Vulnerability
- Exploit added on
- May 12, 2025
- Exploit action due
- Jun 2, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org
- CWE-912
- nvd@nist.gov
- NVD-CWE-Other
- Hype score
- Not currently trending
📌 CISA adds TeleMessage TM SGNL flaw (CVE-2025-47729) to KEV catalog. Vulnerability exploited, affects backend archiving. #CyberSecurity #CISA https://t.co/Q7enQHEPw9 https://t.co/g1uiTQKnKY
@CyberHub_blog
13 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-47729 #TeleMessage TM SGNL Hidden Functionality Vulnerability https://t.co/eKQwFmqTFe
@ScyScan
13 May 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【悲報】米国サイバーセキュリティ・社会基盤安全保障庁(CISA)さん、既知の悪用された脆弱性カタログに、アーカイブ機能付きSignalことTM SGNLのアーカイブ機能、もとい、隠し機能脆弱性CVE-2025-47729を追加して
@__kokumoto
13 May 2025
22069 Impressions
45 Retweets
175 Likes
66 Bookmarks
3 Replies
4 Quotes
CISA warns of a critical flaw in TeleMessage (CVE-2025-47729) exploited by hackers, risking unencrypted chat logs fromGov, Coinbase, Border Protection & more. Privileged messages are at risk 🚨 #DataLeak #US #CyberAlert https://t.co/IANIVsg2fA
@TweetThreatNews
13 May 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47729 a vulnerability in TeleMessage archiving backend has been added to CISA Known exploited vulnerabilities https://t.co/JRzx4ktLKE
@alexjplaskett
13 May 2025
1197 Impressions
3 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE Record: CVE-2025-47729 In case you’ve been living under a rock. https://t.co/yntRpmlxUc
@bmwalt
12 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added a TeleMessage TM SGNL hidden functionality vulnerability, CVE-2025-47729, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #KEVCatalog https://t.co/glqUNrY3
@CISACyber
12 May 2025
8055 Impressions
21 Retweets
43 Likes
6 Bookmarks
2 Replies
3 Quotes
CVE-2025-47729 The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality … https://t.co/amE4esZNl4
@CVEnew
8 May 2025
319 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:telemessage:text_message_archiver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E704BA3-25AB-4F8F-93DD-96A824FD0E85",
"versionEndIncluding": "2025-05-05",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]