PT-2025-20381 · Telemessage · Telemessage Archiving Backend+1
Matthew Green +1 · Published 2025-05-08 · Updated 2025-05-20
CVE-2025-47729
CVSS v3.1: 4.9 Medium
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
TeleMessage versions prior to 2025-05-05
Description
The TeleMessage archiving backend holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which differs from the functionality described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation. This issue was exploited in the wild in May 2025. The vulnerability allows unauthorized access to private messages and group chats that were intended to be secure, raising concerns about data security for individuals and government officials who use the application. It is estimated that a significant number of devices may be affected, including those used by high-ranking government officials and federal agencies.
Recommendations
As a temporary workaround, consider disabling the use of the TeleMessage archiving backend until a patch is available.
Restrict access to the TeleMessage application to minimize the risk of exploitation.
Avoid using the TeleMessage application for sensitive communications until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Hidden Functionality
Weakness Enumeration
Related Identifiers
Affected Products
Tm Sgnl
Telemessage Archiving Backend