CVE-2025-48929

CVSS 4 MEDIUM · EPSS 0.3% · CWE-922
In short

TeleMessage uses long-lived credentials for authentication that don't expire quickly, meaning if someone discovers your login credentials, they can use them to access your account for a long time.

Technical detail

TeleMessage implements authentication using a persistent credential rather than a token with a short expiration window; the issue is classified as CWE-922 (Insecure Storage of Sensitive Information). An adversary who obtains the credential through interception or compromise can reuse it at a later date, because no short expiry limits the window for unauthorized access.

Summary generated and translated by AI from the official description.
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Affected products
TeleMessage · service
