CVE-2025-48928

Published May 28, 2025

Last updated 15 days ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-48928 affects TeleMessage TM SGNL and involves the exposure of a core dump file to an unauthorized control sphere. The vulnerability stems from a JSP application where the heap content is similar to a "core dump," potentially including passwords transmitted over HTTP. If the heap dump is not properly secured, unauthorized parties could retrieve this sensitive data. This vulnerability, categorized as CWE-528, can allow attackers to extract credentials or confidential messages from exposed dump files, threatening both data privacy and system integrity. It has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog, indicating active exploitation in the wild.

Description
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
Source
cve@mitre.org
NVD status
Analyzed
CNA Tags
exclusively-hosted-service

Risk scores

CVSS 3.1

Type
Secondary
Base score
4
Impact score
1.4
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Known exploits

Data from CISA

Vulnerability name
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
Exploit added on
Jul 1, 2025
Exploit action due
Jul 22, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

cve@mitre.org
CWE-528
nvd@nist.gov
CWE-552

Social media

Hype score
Not currently trending

Configurations