PT-2025-20382 · Telemessage · Telemessage Archiving Backend

Matthew Green +1 · Published 2025-05-08 · Updated 2025-10-22 · CVE-2025-47730

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TeleMessage archiving backend versions through 2025-05-05

Description

The backend accepts API calls from the TM SGNL (aka Archive Signal) app that request an authentication token using hardcoded credentials. The credentials used are "logfile" for the user and "enRR8UVVywXYbFkqU#QDPRkO" for the password.

Recommendations

For versions through 2025-05-05, consider disabling the API endpoint that accepts authentication token requests from the TM SGNL app until a patch is available. Restrict access to the affected API endpoint to minimize the risk of exploitation. Avoid using the hardcoded credentials "logfile" and "enRR8UVVywXYbFkqU#QDPRkO" in the affected API calls until the issue is resolved.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

CVE-2025-47730

Affected Products

Telemessage Archiving Backend