CVE-2025-48927
Published May 28, 2025
Last updated 2 months ago
AI description
CVE-2025-48927 is a vulnerability found in the TeleMessage TM SGNL platform. It is due to an insecure default configuration of the Spring Boot Actuator, which exposes the `/heapdump` endpoint. This flaw is categorized as an Initialization of a Resource with an Insecure Default (CWE-1188). Attackers can exploit this exposed endpoint to access sensitive memory dumps. This could lead to unauthorized data access or privilege escalation. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog and has issued an urgent advisory, setting a remediation deadline of July 22, 2025, for federal agencies.
- Description: The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
- Source: cve@mitre.org
- NVD status: Analyzed
- CNA Tags: exclusively-hosted-service
- Products: telemessage
CVSS 3.1
- Type: Secondary
- Base score: 5.3
- Impact score: 1.4
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
- Exploit added on: Jul 1, 2025
- Exploit action due: Jul 22, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- cve@mitre.org: CWE-1188
- Hype score: Not currently trending
🚨 SECURITY ALERT: Hackers are targeting the CVE-2025-48927 vulnerability in TeleMessage, exploiting the /heapdump endpoint! 🛡️ With over $2.17B in crypto thefts this year, stay vigilant! Block those malicious IPs and secure your data! 💰 #CryptoSecurity #TeleMessage
@ChainGPTAI
20 Jul 2025
6023 Impressions
17 Retweets
73 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48927: The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
@ZeroDayFacts
20 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting the CVE-2025-48927 vulnerability in TeleMessage, targeting the /heapdump endpoint. Users should block malicious IPs for security. Crypto thefts hit $2.17B in 2025. Read the full article ⤵️ https://t.co/0eSRY54Vcq
@ChainGPTAINews
20 Jul 2025
10151 Impressions
34 Retweets
75 Likes
0 Bookmarks
0 Replies
0 Quotes
New threat intelligence reveals the CVE-2025-48927 exploit in TeleMessage remains active, targeting enterprise & government users. With over $2.17B stolen in 2025, this underscores how even legacy endpoints can expose the crypto ecosystem to systemic risk. Vigilance is
@DegenBelle
19 Jul 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers tap a TeleMessage flaw (CVE-2025-48927), probing unpatched government & corporate chats. Are your messages at risk? Discover why patch delays leave users exposed: https://t.co/CUMazF8fd1 https://t.co/H3VgbVP3r4
@thebitgazette
19 Jul 2025
60 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
New threat intelligence reveals the CVE-2025-48927 exploit in TeleMessage remains active, targeting enterprise & government users. With over $2.17B stolen in 2025, this underscores how even legacy endpoints can expose the crypto ecosystem to systemic risk. Vigilance is
@DegenBelle
19 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-48927 flaw in Signal clone TeleMessage exposes plaintext passwords via unauthenticated /heapdump access. Used in gov comms, SGNL’s outdated config left critical creds at risk. Exploit attempts tracked. Full Article Link below:⬇️ https://t.co/ZYaU45ida0 htt
@TechNadu
19 Jul 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48927 # Signal App Clone TeleMessage Vulnerability: https://t.co/AiazlINvfn
@Iambivash007
19 Jul 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New threat intelligence reveals the CVE-2025-48927 exploit in TeleMessage remains active, targeting enterprise & government users. With over $2.17B stolen in 2025, this underscores how even legacy endpoints can expose the crypto ecosystem to systemic risk. Vigilance is
@DegenBelle
19 Jul 2025
40 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Hackers Still Targeting TeleMessage Vulnerability GreyNoise reports ongoing exploitation attempts of CVE-2025-48927, tied to Spring Boot Actuator. ⚠️ 11 IPs seen launching attacks 🌐 2000+ IPs doing recon TeleMessage claims it’s patched but fixes may vary. Stay ale
@cryptoplagiat
19 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 JUST IN: Hackers continue probing @TeleMessage1 vulnerability (CVE-2025-48927), according to GreyNoise. So far, 11 IPs have launched attack attempts, while over 2,000 IPs have performed reconnaissance. The flaw, linked to Spring Boot Actuator, allows unauthenticated access
@CoinRank_io
19 Jul 2025
2929 Impressions
24 Retweets
30 Likes
0 Bookmarks
22 Replies
0 Quotes
🚨 Hackers targeting TeleMessage Signal clone flaw (CVE-2025-48927) to access sensitive data like passwords. Stay vigilant! https://t.co/13D7MBJkBf
@not2cleverdotme
18 Jul 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers are actively exploiting a serious vulnerability (CVE-2025-48927) in the TeleMessage SGNL app, compromising usernames, passwords, and sensitive data. Stay informed about this security threat and protect your information. Read more here: https://t.co/qsqh6noRFf
@trubetech
18 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 TeleMessage, Exposed Heap Dump Endpoint, #CVE-2025-48927 (Critical) https://t.co/QfgsUgFAbc
@dailycve
5 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-53602 Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927. https://t.co/LZkesXC9Tr
@CVEnew
4 Jul 2025
693 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-48927 #TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability https://t.co/IFzB9sfZFT
@ScyScan
1 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added TeleMessage TM SGNL vulnerabilities CVE-2025-48927 & CVE-2025-48928 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/l0pDQQ9klz
@CISACyber
1 Jul 2025
6442 Impressions
12 Retweets
29 Likes
8 Bookmarks
1 Reply
0 Quotes
CVE-2025-48927 The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. https://t.co/j4ja2ElxxJ
@CVEnew
28 May 2025
288 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:smarsh:telemessage:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B293A52C-05E4-41AE-B9BD-759E67B53996"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]