CVE-2025-48927
MEDIUM | KEV
TeleMessage - Insecure Default Configuration Exposing Heap Dump via Spring Boot Actuator
Title source: llm
Exploitation Summary
CVE-2025-48927 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 1, 2025.
Description
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
References (2)
Core References
Press/Media Coverage
https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48927
Scores
CVSS v3
5.3
EPSS
0.0947
EPSS Percentile
93.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
partial
Details
CISA KEV
2025-07-01
VulnCheck KEV
2025-05-28
ENISA EUVD
EUVD-2025-16207
CWE
CWE-1188
Status
published
Products (1)
smarsh/telemessage
Published
May 28, 2025
KEV Added
Jul 01, 2025
Tracked Since
Feb 18, 2026