CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 28, 2025
Published Date: May 28, 2025
Last Updated: May 28, 2025
Vendor: TeleMessage
Product: service
Description: The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025.

CVSS Scores

CVSS v3.1

4.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score

Score: 0.05% (Percentile: 14.53%) as of 2025-06-20

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-05-28 17:40:25 UTC) Source

References

https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/

Known Exploited Vulnerability Information

Source	Added Date
CVE	2025-05-28 17:40:18 UTC

Timeline

CVE ID Reserved

May 28, 2025
CVE Published to Public

May 28, 2025
Added to KEVIntel

May 28, 2025