CVE-2025-48927 (CVSS base score 5.3)
- EPSS 4.68%
- Published 28.05.2025 00:00:00
- Last modified 05.11.2025 19:26:13
- Source cve@mitre.org
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
Data provided by the National Vulnerability Database (NVD)
Affected product: Smarsh ≫ TeleMessage (version: -)
01.07.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
- Vulnerability: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
- Description: TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI.
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.68% | 0.891 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cve@mitre.org | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
CWE-1188 Initialization of a Resource with an Insecure Default
The product initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
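The CWE-1188 pattern above, applied to the Spring Boot Actuator configuration the CVE describes, as an added example that is not from this record, from NVD/CISA, or from the vendor: the first YAML document is the kind of wide-open exposure setting that makes a heap dump endpoint reachable, the second is a hardened equivalent. The property names are real Spring Boot Actuator properties; the port number, bind address and allow-list contents are illustrative choices for a hypothetical deployment. Since Spring Boot 2.x the default web exposure is already limited to `health` (plus `info` in older 2.x releases), so a reachable heap dump means an operator widened the default and nobody narrowed it again.

```yaml
# Added example, not the page's or the vendor's configuration.
# --- Document 1: insecure operator setting (what to look for in your own app) ---
# Exposing every actuator endpoint over HTTP means /actuator/heapdump (or whatever
# base path is configured) serves a full JVM heap snapshot to any caller. The heap
# holds whatever the process had in memory: session tokens, credentials, message bodies.
management:
  endpoints:
    web:
      exposure:
        include: "*"
---
# --- Document 2: hardened setting ---
management:
  endpoints:
    web:
      exposure:
        include: "health,info"                      # allow-list only what monitoring needs
        exclude: "heapdump,threaddump,env,configprops"  # exclude wins over include; explicit deny for dumps
  endpoint:
    heapdump:
      enabled: false        # Boot 2.x and 3.0-3.3; on 3.4+ use "access: none" instead
    health:
      show-details: never   # do not leak component details to unauthenticated callers
  server:
    port: 9090              # illustrative: separate management port, not the app port
    address: 127.0.0.1      # illustrative: bind management traffic off the public interface
```

To verify a deployment you operate, request the heap dump path on the application port and on the management port and confirm you get 404 or 401 rather than a 200 with `application/octet-stream`; at the same time, alert on any request to a `heapdump`, `threaddump` or `env` actuator path in the access logs, because on a correctly configured service those paths should see no legitimate traffic.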