4.9
CVE-2025-47729
- EPSS 4.15%
- Veröffentlicht 08.05.2025 00:00:00
- Zuletzt bearbeitet 05.11.2025 19:26:39
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Telemessage ≫ Text Message Archiver Version <= 2025-05-05
12.05.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
TeleMessage TM SGNL Hidden Functionality Vulnerability
SchwachstelleTeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.
BeschreibungApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.15% | 0.884 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.9 | 1.2 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
|
| cve@mitre.org | 1.9 | 0.5 | 1.4 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
|
CWE-912 Hidden Functionality
The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.