CVE-2025-48928
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 28, 2025
- Published Date
- May 28, 2025
- Last Updated
- May 28, 2025
- Vendor
- TeleMessage
- Product
- service
- Description
- The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
CVSS Scores
CVSS v3.1
4.0 - MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
- Score
- 0.02% (Percentile: 2.05%) as of 2025-06-20
SSVC Information
- Exploitation
- none
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (2025-05-28 17:40:45 UTC) Source
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2025-05-28 17:40:38 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel