PT-2025-23111 · Unknown · Telemessage
Published: 2025-05-28 · Updated: 2025-07-05
CVE-2025-48928
CVSS v3.1: 4.0 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
TeleMessage service through 2025-05-05
Description
The TeleMessage service is based on a JSP application whose heap content is exposed in a form similar to a "core dump". A password previously sent over HTTP would be included in this dump. This has been exploited in the wild in May 2025.
Recommendations
For the TeleMessage service through 2025-05-05, consider updating to a version released after 2025-05-05 to mitigate the risk of password exposure. As a temporary workaround, restrict access to the service to minimize the risk of exploitation. Avoid using HTTP for sensitive transactions until the issue is resolved.
Fix
Files Accessible to External Parties
Related Identifiers
Affected Products
Telemessage