CVE-2025-48928

CVSS 4 (Medium) · EPSS 0.4% · Listed in KEV · CWE-528
In short

TeleMessage leaks passwords in memory dumps because it keeps sensitive data in plaintext in process memory. An attacker who can read the server's memory can recover passwords that were sent over unencrypted HTTP connections.

Technical detail

The JSP-based TeleMessage application keeps plaintext passwords in heap memory without clearing them after use. An attacker with local or remote memory access (for example, through core dump analysis or heap spray techniques) can extract credentials that were transmitted over HTTP. Exploiting this vulnerability requires post-authentication access or a memory disclosure primitive.

Summary generated and translated by AI from the official description.
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
TeleMessage · service