Vulnerability Details CVE-2025-48928
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.165
EPSS Ranking 94.6%
CVSS Severity
CVSS v3 Score 4.0
Proposed Action
TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump.
Ransomware Campaign
Unknown
References
Products affected by CVE-2025-48928
-
cpe:2.3:a:smarsh:telemessage:-