CVE-2025-48927
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 28, 2025
- Published Date
- May 28, 2025
- Last Updated
- May 28, 2025
- Vendor
- TeleMessage
- Product
- service
- Description
- The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
CVSS Scores
CVSS v3.1
5.3 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
- Score
- 0.04% (Percentile: 9.24%) as of 2025-06-20
SSVC Information
- Exploitation
- none
- Automatable
- Yes
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (2025-05-28 17:40:38 UTC) Source
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2025-05-28 17:40:31 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel