CVE-2025-47730

Medium CVSS: 4.8

The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and enRR8UVVywXYbFkqU#QDPRkO for the password.

Vendor

Smarsh

Product

Telemessage

CWE

CWE-798

Yayın Tarihi

2025-05-08 14:15:27

Güncelleme

2025-10-22 14:53:23

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-798 Telemessage MEDIUM Smarsh 2025

Referanslar

https://arstechnica.com/security/2025/05/signal-clone-used-by-trump-official-stops-operations-after-report-it-was-hacked/ https://github.com/micahflee/TM-SGNL-Android/blob/bd7ccbb8bc79193fc4c57cae7cc1051e6250fa89/app/src/tm/java/org/archiver/ArchiveConstants.kt#L45-L46 https://news.ycombinator.com/item?id=43909220 https://www.theregister.com/2025/05/05/telemessage_investigating/

Benzer Kayıtlar

Medium

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent…

Medium

CVE-2025-48929

The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token…

Low

CVE-2025-48930

The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content ma…

Low

CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibiliti…

Medium

CVE-2025-48925

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then…

Medium

CVE-2025-48926

The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses,…