CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 28, 2025
Published Date
May 28, 2025
Last Updated
July 30, 2025
Vendor
TeleMessage
Product
service
Description
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
Tags
cisa

CVSS Scores

CVSS v3.1

5.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

Score
0.04% (Percentile: 9.11%) as of 2025-06-26

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-05-28 17:40:38 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2025-05-28 17:40:31 UTC

Recent Mentions

Hackers scanning for TeleMessage Signal clone flaw exposing passwords

Source: BleepingComputer • Published: 2025-07-18 15:06:05 UTC

Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. [...]

Flaw in Signal Clone TeleMessage Exploited En Masse for Password Theft

Source: CyberInsider • Published: 2025-07-18 07:13:30 UTC

A vulnerability in TeleMessageTM SGNL, a secure messaging platform modeled after Signal and widely used by government agencies and regulated enterprises, is now under active exploitation. GreyNoise confirms that attackers are probing for and exploiting CVE-2025-48927, a flaw that could allow unauthenticated access to memory dumps containing plaintext credentials. The vulnerability, first disclosed in May … The post Flaw in Signal Clone TeleMessage Exploited En Masse for Password Theft appeared first on CyberInsider.
A vulnerability disclosed in May 2025, CVE-2025-48927, affects certain deployments of TeleMessageTM SGNL. If exposed, this endpoint can return a full snapshot of heap memory which may include plaintext usernames, passwords, and other sensitive data.

[io.zipkin:zipkin-server] Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Source: Github Advisory Database (Maven) • Published: 2025-07-04 21:30:32 UTC

Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927. References https://nvd.nist.gov/vuln/detail/CVE-2025-53602 https://github.com/openzipkin/zipkin/pull/3804 https://github.com/openzipkin/zipkin/commit/3c7605dfdfab2dd341cf0ea121a56cefcd580d9e https://zipkin.io https://github.com/advisories/GHSA-794x-8x6x-qpfc

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel