CVE-2025-48927

Published May 28, 2025

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-48927 is a vulnerability found in the TeleMessage TM SGNL platform. It is due to an insecure default configuration of the Spring Boot Actuator, which exposes the `/heapdump` endpoint. This flaw is categorized as an Initialization of a Resource with an Insecure Default (CWE-1188). Attackers can exploit this exposed endpoint to access sensitive memory dumps. This could lead to unauthorized data access or privilege escalation. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog and has issued an urgent advisory, setting a remediation deadline of July 22, 2025, for federal agencies.

Description: The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
Source: cve@mitre.org
NVD status: Analyzed
CNA Tags: exclusively-hosted-service
Products: telemessage

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Known exploits

Data from CISA

Vulnerability name: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
Exploit added on: Jul 1, 2025
Exploit action due: Jul 22, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

CWE-1188 (source: cve@mitre.org)

Social media

Hype score: Not currently trending
  1. 🚨 SECURITY ALERT: Hackers are targeting the CVE-2025-48927 vulnerability in TeleMessage, exploiting the /heapdump endpoint! 🛡️ With over $2.17B in crypto thefts this year, stay vigilant! Block those malicious IPs and secure your data! 💰 #CryptoSecurity #TeleMessage

    @ChainGPTAI

    20 Jul 2025

  2. CVE-2025-48927: The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

    @ZeroDayFacts

    20 Jul 2025

  3. Hackers are exploiting the CVE-2025-48927 vulnerability in TeleMessage, targeting the /heapdump endpoint. Users should block malicious IPs for security. Crypto thefts hit $2.17B in 2025. Read the full article ⤵️ https://t.co/0eSRY54Vcq

    @ChainGPTAINews

    20 Jul 2025

  4. New threat intelligence reveals the CVE-2025-48927 exploit in TeleMessage remains active, targeting enterprise & government users. With over $2.17B stolen in 2025, this underscores how even legacy endpoints can expose the crypto ecosystem to systemic risk. Vigilance is

    @DegenBelle

    19 Jul 2025

  5. Hackers tap a TeleMessage flaw (CVE-2025-48927), probing unpatched government & corporate chats. Are your messages at risk? Discover why patch delays leave users exposed: https://t.co/CUMazF8fd1 https://t.co/H3VgbVP3r4

    @thebitgazette

    19 Jul 2025

  6. New threat intelligence reveals the CVE-2025-48927 exploit in TeleMessage remains active, targeting enterprise & government users. With over $2.17B stolen in 2025, this underscores how even legacy endpoints can expose the crypto ecosystem to systemic risk. Vigilance is

    @DegenBelle

    19 Jul 2025

  7. New threat intelligence reveals the CVE-2025-48927 exploit in TeleMessage remains active, targeting enterprise & government users. With over $2.17B stolen in 2025, this underscores how even legacy endpoints can expose the crypto ecosystem to systemic risk. Vigilance is

    @DegenBelle

    19 Jul 2025

  8. 🚨 CVE-2025-48927 flaw in Signal clone TeleMessage exposes plaintext passwords via unauthenticated /heapdump access. Used in gov comms, SGNL’s outdated config left critical creds at risk. Exploit attempts tracked. Full Article Link below:⬇️ https://t.co/ZYaU45ida0 htt

    @TechNadu

    19 Jul 2025

  9. CVE-2025-48927 # Signal App Clone TeleMessage Vulnerability: https://t.co/AiazlINvfn

    @Iambivash007

    19 Jul 2025

  10. New threat intelligence reveals the CVE-2025-48927 exploit in TeleMessage remains active, targeting enterprise & government users. With over $2.17B stolen in 2025, this underscores how even legacy endpoints can expose the crypto ecosystem to systemic risk. Vigilance is

    @DegenBelle

    19 Jul 2025

  11. 🚨 Hackers Still Targeting TeleMessage Vulnerability GreyNoise reports ongoing exploitation attempts of CVE-2025-48927, tied to Spring Boot Actuator. ⚠️ 11 IPs seen launching attacks 🌐 2000+ IPs doing recon TeleMessage claims it’s patched but fixes may vary. Stay ale

    @cryptoplagiat

    19 Jul 2025

  12. 🚨 JUST IN: Hackers continue probing @TeleMessage1 vulnerability (CVE-2025-48927), according to GreyNoise. So far, 11 IPs have launched attack attempts, while over 2,000 IPs have performed reconnaissance. The flaw, linked to Spring Boot Actuator, allows unauthenticated access

    @CoinRank_io

    19 Jul 2025

  13. 🚨 Hackers targeting TeleMessage Signal clone flaw (CVE-2025-48927) to access sensitive data like passwords. Stay vigilant! https://t.co/13D7MBJkBf

    @not2cleverdotme

    18 Jul 2025

  14. Hackers are actively exploiting a serious vulnerability (CVE-2025-48927) in the TeleMessage SGNL app, compromising usernames, passwords, and sensitive data. Stay informed about this security threat and protect your information. Read more here: https://t.co/qsqh6noRFf

    @trubetech

    18 Jul 2025

  15. 🔴 TeleMessage, Exposed Heap Dump Endpoint, #CVE-2025-48927 (Critical) https://t.co/QfgsUgFAbc

    @dailycve

    5 Jul 2025

  16. CVE-2025-53602 Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927. https://t.co/LZkesXC9Tr

    @CVEnew

    4 Jul 2025

  17. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-48927 #TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability https://t.co/IFzB9sfZFT

    @ScyScan

    1 Jul 2025

  18. 🛡️ We added TeleMessage TM SGNL vulnerabilities CVE-2025-48927 & CVE-2025-48928 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/l0pDQQ9klz

    @CISACyber

    1 Jul 2025

  19. CVE-2025-48927 The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. https://t.co/j4ja2ElxxJ

    @CVEnew

    28 May 2025

Configurations