AI description
CVE-2025-47729 is a vulnerability found in the TeleMessage TM SGNL application. The archiving backend of TeleMessage stores cleartext copies of messages from TM SGNL app users. This differs from the vendor's documentation, which describes "End-to-End encryption from the mobile phone through to the corporate archive". This vulnerability was exploited in the wild in May 2025. The vulnerability means that unauthorized individuals with high-privilege access could potentially view sensitive message contents in plaintext. This could compromise user privacy and corporate communication confidentiality because the messages were expected to be securely encrypted.
- Description
- The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- CNA Tags
- exclusively-hosted-service
CVSS 3.1
- Type
- Primary
- Base score
- 4.9
- Impact score
- 3.6
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
Data from CISA
- Vulnerability name
- TeleMessage TM SGNL Hidden Functionality Vulnerability
- Exploit added on
- May 12, 2025
- Exploit action due
- Jun 2, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org
- CWE-912
- nvd@nist.gov
- NVD-CWE-Other
- Hype score
- Not currently trending
📌 CISA adds TeleMessage TM SGNL flaw (CVE-2025-47729) to KEV catalog. Vulnerability exploited, affects backend archiving. #CyberSecurity #CISA https://t.co/Q7enQHEPw9 https://t.co/g1uiTQKnKY
@CyberHub_blog
13 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-47729 #TeleMessage TM SGNL Hidden Functionality Vulnerability https://t.co/eKQwFmqTFe
@ScyScan
13 May 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【悲報】米国サイバーセキュリティ・社会基盤安全保障庁(CISA)さん、既知の悪用された脆弱性カタログに、アーカイブ機能付きSignalことTM SGNLのアーカイブ機能、もとい、隠し機能脆弱性CVE-2025-47729を追加して
@__kokumoto
13 May 2025
22069 Impressions
45 Retweets
175 Likes
66 Bookmarks
3 Replies
4 Quotes
CISA warns of a critical flaw in TeleMessage (CVE-2025-47729) exploited by hackers, risking unencrypted chat logs fromGov, Coinbase, Border Protection & more. Privileged messages are at risk 🚨 #DataLeak #US #CyberAlert https://t.co/IANIVsg2fA
@TweetThreatNews
13 May 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47729 a vulnerability in TeleMessage archiving backend has been added to CISA Known exploited vulnerabilities https://t.co/JRzx4ktLKE
@alexjplaskett
13 May 2025
1197 Impressions
3 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE Record: CVE-2025-47729 In case you’ve been living under a rock. https://t.co/yntRpmlxUc
@bmwalt
12 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added a TeleMessage TM SGNL hidden functionality vulnerability, CVE-2025-47729, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #KEVCatalog https://t.co/glqUNrY3
@CISACyber
12 May 2025
8055 Impressions
21 Retweets
43 Likes
6 Bookmarks
2 Replies
3 Quotes
CVE-2025-47729 The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality … https://t.co/amE4esZNl4
@CVEnew
8 May 2025
319 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:telemessage:text_message_archiver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E704BA3-25AB-4F8F-93DD-96A824FD0E85",
"versionEndIncluding": "2025-05-05"
}
],
"operator": "OR"
}
]
}
]