PT-2025-23112 · Unknown · Telemessage

Micah Lee · Published 2025-05-28 · Updated 2025-10-22 · CVE-2025-48929

CVSS v3.1

9.8 Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TeleMessage service through 2025-05-05

Description

The TeleMessage service implements authentication through a long-lived credential, which an adversary who discovers it can reuse. This was exploited in the wild in May 2025.

Recommendations

For the TeleMessage service through 2025-05-05, consider implementing short-lived authentication tokens to minimize the risk of credential reuse. As a temporary workaround, restrict access to sensitive features that rely on the long-lived credential until a more secure authentication mechanism is implemented.

Fix

Weakness Enumeration

Insufficient Session Expiration

Insecure Storage of Sensitive Information

Related Identifiers

CVE-2025-48929

Affected Products

Telemessage