CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 28, 2025
Published Date
May 28, 2025
Last Updated
May 28, 2025
Vendor
TeleMessage
Product
service
Description
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

CVSS Scores

CVSS v3.1

4.0 - MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

Score
0.02% (Percentile: 2.05%) as of 2025-06-20

SSVC Information

Exploitation
none
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2025-05-28 17:40:45 UTC) Source

Known Exploited Vulnerability Information

Source Added Date
CVE 2025-05-28 17:40:38 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel