CVE-2025-48930

CVSS 2.8 LOWEPSS 0.1%CWE-316

In short

TeleMessage stores sensitive information in unencrypted form in the computer's memory, where attackers who gain access to the system could potentially read it.

Technical detail

CWE-316 describes cleartext storage of sensitive data in memory. An adversary with local access or memory-reading capabilities can extract unencrypted sensitive information from the TeleMessage process memory. Mitigation requires encryption of sensitive data in-memory or secure memory handling practices.

Summary generated and translated by AI from the official description.

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Affected products

TeleMessage · service

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/