CISA has identified two significant flaws in TeleMessage TM SGNL, prompting immediate action from federal agencies to patch the vulnerabilities or cease using the app. The issues, CVE-2025-48927 and CVE-2025-48928, present substantial risks, including exposure of sensitive data via misconfigured endpoints. The flaws gained attention after the Signalgate incident, where chat logs containing sensitive discussions were exposed. The vulnerabilities have been included in CISA's Known Exploited Vulnerabilities Catalog, emphasizing the urgency of the situation for the federal enterprise amidst ongoing threats from malicious actors.
CISA warned of active exploitation of two vulnerabilities in TeleMessage TM SGNL and directed federal agencies to patch or discontinue use by July 22.
CVE-2025-48927 is due to a Spring Boot Actuator misconfiguration exposing the /heapdump endpoint, allowing attackers to download memory dumps with sensitive data.
In May, chat logs and metadata of over 60 government users, including Secret Service members, were leaked online, raising serious security concerns.
TeleMessage, owned by Smarsh, came to attention during the Signalgate incident when national security advisor Mike Waltz mistakenly included a journalist in a sensitive chat.
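For the CVE-2025-48927 item above, a configuration audit that flags when a Spring Boot properties file leaves the Actuator heapdump endpoint reachable over HTTP. This is an added example, not code from TeleMessage or CISA; it goes beyond the page by assuming the standard Spring Boot 2.x/3.x `management.*` property names, and the sample files are constructed.

```python
import re

def parse_properties(text):
    """Parse key=value / key:value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0].lower()] = parts[1].strip()
    return props

def _ids(value):
    """Split a comma-separated endpoint id list into a lowercase set."""
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def heapdump_web_exposed(text):
    """True if the file leaves the heapdump endpoint enabled and web-exposed.

    Assumption: Spring Boot 2.x/3.x semantics, where only 'health' is
    web-exposed unless the include list says otherwise.
    """
    p = parse_properties(text)
    include = _ids(p.get("management.endpoints.web.exposure.include", "health"))
    exclude = _ids(p.get("management.endpoints.web.exposure.exclude", ""))
    if {"*", "heapdump"} & exclude:          # exclude always wins over include
        return False
    if not ({"*", "heapdump"} & include):    # never opted in to web exposure
        return False
    if p.get("management.endpoint.heapdump.access", "").lower() == "none":
        return False                         # newer access-level property
    default_on = p.get("management.endpoints.enabled-by-default", "true").lower()
    enabled = p.get("management.endpoint.heapdump.enabled", default_on).lower()
    return enabled != "false"

# Constructed sample configurations (not taken from any real deployment).
WEAK = "management.endpoints.web.exposure.include=*\n"
HARDENED = ("management.endpoints.web.exposure.include=health,info\n"
            "management.endpoint.heapdump.enabled=false\n")
EXCLUDED = ("management.endpoints.web.exposure.include=*\n"
            "management.endpoints.web.exposure.exclude=heapdump,env\n")

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("excluded", EXCLUDED)):
        print(name, "-> heapdump exposed:", heapdump_web_exposed(cfg))
```

The check covers the properties file only: environment-variable or YAML overrides, and whether authentication sits in front of the Actuator paths, need to be reviewed separately.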