Back to KEVs

CVE-2025-47729

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 08, 2025
Published Date
May 08, 2025
Last Updated
May 12, 2025
Vendor
TeleMessage
Product
archiving backend
Description
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
Tags
cisa

CVSS Scores

CVSS v3.1

1.9 - LOW

Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS Score

Score
8.55% (Percentile: 91.91%) as of 2025-06-06

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-05-08 14:41:20 UTC) Source

References

https://news.ycombinator.com/item?id=43909220 https://arstechnica.com/security/2025/05/signal-clone-used-by-trump-official-stops-operations-after-report-it-was-hacked/ https://www.theregister.com/2025/05/05/telemessage_investigating/

Known Exploited Vulnerability Information

Source Added Date
CVE 2025-05-08 14:40:20 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel