{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T01:52:57.812","vulnerabilities":[{"cve":{"id":"CVE-2025-48927","sourceIdentifier":"cve@mitre.org","published":"2025-05-28T17:15:24.837","lastModified":"2025-11-05T19:26:13.817","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025."},{"lang":"es","value":"El servicio TeleMessage hasta el 5 de mayo de 2025 configura Spring Boot Actuator con un endpoint de volcado de montón expuesto en un URI /heapdump, como se explotó en la naturaleza en mayo de 2025."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"cisaExploitAdd":"2025-07-01","cisaActionDue":"2025-07-22","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability","weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-1188"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:smarsh:telemessage:-:*:*:*:*:*:*:*","matchCriteriaId":"B293A52C-05E4-41AE-B9BD-759E67B53996"}]}]}],"references":[{"url":"https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/","source":"cve@mitre.org","tags":["Press/Media Coverage"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48927","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}