PT-2025-34811 · Telpo · Telpo Mdm

Raiji1N · Published 2025-02-03 · Updated 2025-08-27 · CVE-2025-55443

CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Telpo MDM versions 1.4.6 through 1.4.9
Description: The Telpo MDM Android platform stores sensitive administrator credentials and MQTT server connection details (IP/port) in plaintext within log files on the device's external storage. This allows attackers with access to these logs to authenticate to the MDM web platform and execute administrative operations, including device shutdown, factory reset, and software installation. Additionally, attackers can connect to the MQTT server to intercept or publish device data.
Recommendations: Update to a newer version of Telpo MDM that addresses this issue.

Fix

CSRF

Information Disclosure

Insertion into Log File

Cleartext Storage of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2025-07166
CVE-2025-55443

Affected Products

Telpo Mdm