CVE-2025-48929
published 2025-05-28
CVE-2025-48929: The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can…
Priority P181 · critical · 9.8 CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · VulnCheck KEV
Exploited in the wild
EPSS: 0.28% (19.9th percentile)
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| smarsh | telemessage | <= 2025-05-05 | — |
| telemessage | service | <= 2025-05-05 | — |
CVSS provenance
nvd · v3.1 · 9.8 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck · 4.0 · MEDIUM
GHSA
GHSA-5wx3-hjmf-qcgx: The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e
ghsa_unreviewed·2025-05-28
CVE-2025-48929 [MEDIUM] CWE-613 GHSA-5wx3-hjmf-qcgx: The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary, as exploited in the wild in May 2025.
VulnCheck
smarsh telemessage Insecure Storage of Sensitive Information
vulncheck·2025·CVSS 4.0
CVE-2025-48929 [MEDIUM] smarsh telemessage Insecure Storage of Sensitive Information
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.
Affected: TeleMessage TM SGNL
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2025-48929
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-05-28
Exploited in the wild