Hackers are actively trying to exploit a vulnerability tracked as CVE-2025-48927 in the TeleMessage app, as reported by threat intelligence firm GreyNoise. Since April, at least eleven IP addresses have attempted to exploit the flaw, while over 2,000 additional IPs have been involved in reconnaissance activities, particularly targeting Spring Boot Actuator endpoints. The vulnerability allows unauthorized access to sensitive data due to a legacy configuration issue where a diagnostic _/heapdump_ endpoint is publicly accessible without proper authentication. TeleMessage, which is similar to the Signal app but is geared towards compliance, was acquired by Smarsh in 2024, shortly before a significant security breach occurred in May. Although TeleMessage claims that the vulnerability has been patched, concerns remain about the security of its enterprise and government users. GreyNoise advises users to block malicious IPs and limit access to vulnerable endpoints to enhance security.
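To check your own web or reverse-proxy logs for the two kinds of activity described above, the following added example (not code from GreyNoise or TeleMessage) separates requests for the heap dump endpoint from broader Actuator probing. The log format, the sample lines and the function name triage are assumptions made for this illustration.

```python
import re

# Constructed sample lines in combined log format. The IPs are documentation
# ranges (RFC 5737), not indicators taken from the article.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jul/2025:10:00:01 +0000] "GET /actuator/health HTTP/1.1" 200 15 "-" "curl/8.0"
192.0.2.10 - - [01/Jul/2025:10:00:02 +0000] "GET /actuator/env HTTP/1.1" 404 0 "-" "curl/8.0"
198.51.100.7 - - [01/Jul/2025:10:05:00 +0000] "GET /heapdump HTTP/1.1" 200 157286400 "-" "python-requests/2.31"
203.0.113.5 - - [01/Jul/2025:10:06:00 +0000] "GET /actuator/heapdump?x=1 HTTP/1.1" 401 0 "-" "Go-http-client/1.1"
203.0.113.9 - - [01/Jul/2025:10:07:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Captures: client IP, request target, HTTP status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Legacy Spring Boot serves /heapdump at the root; newer versions use
# /actuator/heapdump. Matching both is a choice made for this example.
HEAPDUMP_RE = re.compile(r'^(/actuator)?/heapdump/?$', re.IGNORECASE)
ACTUATOR_RE = re.compile(r'^/actuator(/|$)', re.IGNORECASE)
RANK = {"recon": 0, "attempted": 1, "served": 2}

def triage(log_text):
    """Map each source IP to 'served', 'attempted' or 'recon' (worst case wins).

    served    - a heap dump request got a 2xx answer: treat as data exposure
    attempted - a heap dump request was refused or not found
    recon     - other Actuator paths were probed (allow-list your own monitors)
    """
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore the query string
        if HEAPDUMP_RE.match(path):
            verdict = "served" if status.startswith("2") else "attempted"
        elif ACTUATOR_RE.match(path):
            verdict = "recon"
        else:
            continue
        if RANK[verdict] >= RANK.get(verdicts.get(ip), -1):
            verdicts[ip] = verdict
    return verdicts

if __name__ == "__main__":
    for ip, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{verdict:9} {ip}")
```

Any source that lands in "served" means a heap dump left the host, so secrets that were in memory at that time should be rotated.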
