Telemessage Archiving Backend vulnerabilities
2 known vulnerabilities affecting telemessage/archiving_backend.
Total CVEs
2
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
2
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-47729P2MEDIUMCVSS 4.9KEV≤ 2025-05-052025-05-08
CVE-2025-47729 [MEDIUM] CWE-912 CVE-2025-47729: The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
nvd
CVE-2025-47730P1HIGHCVSS 7.5Exploited≤ 2025-05-052025-05-08
CVE-2025-47730 [HIGH] CWE-798 CVE-2025-47730: The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication
The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password.
nvd