CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 28, 2025
Published Date
May 28, 2025
Last Updated
May 28, 2025
Vendor
TeleMessage
Product
service
Description
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

CVSS Scores

CVSS v3.1

5.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

Score
0.04% (Percentile: 9.24%) as of 2025-06-20

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-05-28 17:40:38 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2025-05-28 17:40:31 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel