KEVIntel
PRO Back to KEVs
4.3
CVSS
Medium

CVE-2025-48925

PUBLISHED

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the...

Not yet in CISA KEV

Exploited in the wild Remote Low complexity No user interaction
Vendor
TeleMessage
Product
service
Published
May 28, 2025
EPSS
0.1% · 30% pctl

Automate This Intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.

Weaknesses (CWE)

  • CWE-836

    Use of Password Hash Instead of Password for Authentication

CVSS Scores

CVSS v3.1 4.3 Medium

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitation Status

Exploited in the wild

Recorded 2026-06-01 10:34:53 UTC · CVE

References

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2026-06-01 10:34 UTC

Timeline

  • Added to KEVIntel

  • CVE Published to Public

  • CVE ID Reserved