{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T01:37:17.904","vulnerabilities":[{"cve":{"id":"CVE-2025-48928","sourceIdentifier":"cve@mitre.org","published":"2025-05-28T17:15:25.020","lastModified":"2025-11-05T19:25:52.250","vulnStatus":"Analyzed","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a \"core dump\" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025."},{"lang":"es","value":"El servicio TeleMessage hasta el 5 de mayo de 2025 se basa en una aplicación JSP en la que el contenido del montón es aproximadamente equivalente a un \"volcado de núcleo\" en el que se incluiría una contraseña enviada previamente a través de HTTP, como se explotó en la naturaleza en mayo de 2025."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.5,"impactScore":1.4}]},"cisaExploitAdd":"2025-07-01","cisaActionDue":"2025-07-22","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability","weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-528"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-552"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:smarsh:telemessage:-:*:*:*:*:*:*:*","matchCriteriaId":"B293A52C-05E4-41AE-B9BD-759E67B53996"}]}]}],"references":[{"url":"https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/","source":"cve@mitre.org","tags":["Press/Media Coverage"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48928","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}