Exploitation Summary
CVE-2025-48928 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added July 1, 2025.
Description
The TeleMessage service through 2025-05-05 is based on a JSP application whose heap content is roughly equivalent to a "core dump": a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
References (2)
Core References
Press/Media Coverage: https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/
US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48928
Scores
CVSS v3: 4.0
EPSS: 0.0829
EPSS Percentile: 92.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: partial
Details
CISA KEV: 2025-07-01
VulnCheck KEV: 2025-05-28
ENISA EUVD: EUVD-2025-16214
CWE: CWE-528, CWE-552
Status: published
Products (1)
smarsh/telemessage
Published: May 28, 2025
KEV Added: Jul 01, 2025
Tracked Since: Feb 18, 2026