CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 28, 2025
Published Date
May 28, 2025
Last Updated
July 01, 2025
Vendor
TeleMessage
Product
service
Description
The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.

CVSS Scores

CVSS v3.1

4.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score

Score
0.04% (Percentile: 10.14%) as of 2025-06-26

SSVC Information

Exploitation
none
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-05-28 17:40:25 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2025-05-28 17:40:18 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel