CVE-2025-48926

CVSS 4.3 MEDIUMEPSS 0.2%CWE-288

In short

The TeleMessage admin panel exposes sensitive user data like usernames, emails, passwords, and phone numbers to attackers. This information can be used for identity theft, fraud, or targeted attacks.

Technical detail

An authentication weakness in the TeleMessage admin panel (CWE-288: Authentication Using a Known Password) allows attackers to access and enumerate sensitive user credentials and contact information. The vulnerability affects all versions through 2025-05-05 and requires network access to the admin interface; successful exploitation results in disclosure of usernames, email addresses, passwords, and telephone numbers of platform users.

Summary generated and translated by AI from the official description.

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected products

TeleMessage · service

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/