cbcvebase.

Telemessage Service vulnerabilities

6 known vulnerabilities affecting telemessage/service.

Total CVEs
6
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
5
Severity breakdown
CRITICAL1HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-48928P2MEDIUMCVSS 4.0KEV≤ 2025-05-052025-05-28
CVE-2025-48928 [MEDIUM] CWE-528 CVE-2025-48928: The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content i The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
nvd
CVE-2025-48929P1CRITICALCVSS 9.8Exploited≤ 2025-05-052025-05-28
CVE-2025-48929 [CRITICAL] CWE-922 CVE-2025-48929: The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.
nvd
CVE-2025-48930P1MEDIUMCVSS 5.3Exploited≤ 2025-05-052025-05-28
CVE-2025-48930 [MEDIUM] CWE-316 CVE-2025-48930: The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even thou The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues.
nvd
CVE-2025-48925P2HIGHCVSS 7.5Exploited≤ 2025-05-052025-05-28
CVE-2025-48925 [HIGH] CWE-836 CVE-2025-48925: The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do M The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.
nvd
CVE-2025-48926P2HIGHCVSS 7.5Exploited≤ 2025-05-052025-05-28
CVE-2025-48926 [HIGH] CWE-288 CVE-2025-48926: The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.
nvd
CVE-2025-48931P4MEDIUMCVSS 5.5≤ 2025-05-052025-05-28
CVE-2025-48931 [MEDIUM] CWE-328 CVE-2025-48931: The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up variou The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.
nvd
Telemessage Service vulnerabilities | cvebase