CVE-2025-48925
TeleMessage's SGNL app hashes your password on your device and sends that hash to authenticate, but the service accepts this client-side hash as the final credential instead of verifying it server-side. This means an attacker who intercepts the hash can reuse it to log in without knowing your actual password.
TeleMessage relies on client-side MD5 hashing for authentication, accepting the resulting hash as a credential without server-side verification (CWE-836: Use of a Broken or Risky Cryptographic Algorithm). An attacker can intercept the hash over the network or extract it from a compromised client and replay it for unauthorized authentication, bypassing the need to crack the original password.
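The design flaw described above, next to a server-side alternative, as an added example that is not TeleMessage's code. All function names are hypothetical, and PBKDF2-HMAC-SHA256 with the round count shown is an assumed choice of server-side password hash for this sketch.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch

def client_md5(password: str) -> str:
    """Client-side step the advisory describes: hash locally, send the digest."""
    return hashlib.md5(password.encode()).hexdigest()

# Weak design: the server stores the client digest and accepts a matching
# digest as proof of identity, so the digest is the real credential.
def weak_enroll(password: str) -> str:
    return client_md5(password)

def weak_login(stored: str, submitted: str) -> bool:
    return hmac.compare_digest(stored, submitted)

# Hardened design: the server treats whatever it receives as the secret and
# derives its own salted, slow verifier from it. The stored verifier is never
# accepted as input, so reading it does not yield a usable credential.
def strong_enroll(secret: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)

def strong_login(record: tuple[bytes, bytes], submitted: str) -> bool:
    salt, verifier = record
    derived = hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(verifier, derived)

def compare_designs(password: str) -> dict[str, bool]:
    """Check which stored values double as login credentials."""
    weak_record = weak_enroll(password)
    strong_record = strong_enroll(password)
    return {
        # The stored MD5 digest alone satisfies the weak check.
        "weak_accepts_stored_digest": weak_login(weak_record, weak_record),
        # The stored PBKDF2 verifier is rejected when submitted as a secret.
        "strong_accepts_stored_verifier": strong_login(strong_record, strong_record[1].hex()),
        # The legitimate user still logs in under the hardened design.
        "strong_accepts_password": strong_login(strong_record, password),
        "strong_rejects_wrong_password": not strong_login(strong_record, password + "x"),
    }

if __name__ == "__main__":
    # Constructed sample passphrase, not a real credential.
    for check, result in compare_designs("constructed-sample-passphrase").items():
        print(f"{check}: {result}")
```

Server-side hashing closes the path where a stored or client-held digest is itself the login secret. A value captured in transit is still replayable unless the channel is protected, which is a separate control.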