CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an...

Basic Information

CVE State: PUBLISHED
Reserved Date: May 28, 2025
Published Date: May 28, 2025
Last Updated: May 29, 2025
Vendor: TeleMessage
Product: service
Description: The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues, as exploited in the wild in May 2025.

CVSS Scores

CVSS v3.1

2.8 - LOW

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

EPSS Score

Score: 0.01% (Percentile: 0.26%) as of 2025-06-05

SSVC Information

Exploitation: none
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2025-05-28 18:40:28 UTC) Source

References

https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/

Known Exploited Vulnerability Information

Source	Added Date
CVE	2025-05-28 18:40:22 UTC

Timeline

CVE ID Reserved

May 28, 2025
CVE Published to Public

May 28, 2025
Added to KEVIntel

May 28, 2025