PT-2025-23100 · Unknown · Telemessage

Published

2025-05-28

Updated

2025-10-22

CVE-2025-48925

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions TeleMessage service through 2025-05-05

Description The issue concerns the TeleMessage service relying on client-side MD5 hashing for authentication credentials. This has been exploited in the wild. The service accepts the hash as the authentication credential, which is a security concern.

Recommendations For versions through 2025-05-05, consider disabling the MD5 hashing authentication mechanism until a more secure method is implemented. Restrict access to the TeleMessage service to minimize the risk of exploitation. Avoid using the MD5 hashed credentials in authentication processes until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-836

Related Identifiers

CVE-2025-48925

Affected Products

Telemessage

PT-2025-23100 · Unknown · Telemessage

CVE-2025-48925

Weakness Enumeration

Related Identifiers

Affected Products

References · 6