CVE-2025-48926
published 2025-05-28CVE-2025-48926: The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.
PriorityP276high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.22%
12.0th percentile
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smarsh | telemessage | <= 2025-05-05 | — |
| telemessage | service | <= 2025-05-05 | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vprv-ph4x-pqgj: The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbe
ghsa_unreviewed·2025-05-28
CVE-2025-48926 [MEDIUM] CWE-288 GHSA-vprv-ph4x-pqgj: The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbe
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025.
VulnCheck
smarsh telemessage Authentication Bypass Using an Alternate Path or Channel
vulncheck·2025·CVSS 4.3
CVE-2025-48926 [MEDIUM] smarsh telemessage Authentication Bypass Using an Alternate Path or Channel
smarsh telemessage Authentication Bypass Using an Alternate Path or Channel
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.
Affected: TeleMessage TM SGNL
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2025-48926; https://flashpoint.io/blog/flashpoint-weekly-vulnerability-insights-prioritization/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-05-28
Published
Exploited in the wild