Vulnerability Details CVE-2025-48927
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.211
EPSS Ranking 95.4%
CVSS Severity
CVSS v3 Score 5.3
Proposed Action
TeleMessage TM SGNL contains an "initialization of a resource with an insecure default" vulnerability. It stems from how Spring Boot Actuator is configured, with an exposed heap dump endpoint at a /heapdump URI.
Ransomware Campaign
Unknown
Products affected by CVE-2025-48927
- cpe:2.3:a:smarsh:telemessage:-