Hackers are actively seeking to exploit the CVE-2025-48927 vulnerability in the TeleMessage app, according to a report by threat intelligence firm GreyNoise. As of now, 11 IP addresses have attempted to exploit the flaw since April, with over 2,000 other IPs potentially conducting reconnaissance. The vulnerability allows unauthorized data extraction because a legacy configuration is still in use within Spring Boot Actuator, which leaves the _/heapdump_ endpoint publicly accessible. TeleMessage, which enables chat archiving for compliance, was acquired by Smarsh in 2024 but faced security incidents, including data theft in May. Despite claims from TeleMessage that the vulnerability has been patched, GreyNoise highlights the importance of mitigating exposure to this endpoint and blocking malicious IPs to protect users, including government agencies and enterprises.
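To check your own servers for the exposure described above, the following added example (not code from GreyNoise or TeleMessage) scans web access logs for requests to the heap dump endpoint and separates dumps that were actually served from probes that were refused. It assumes combined-format access logs and also matches `/actuator/heapdump`, the path used when Actuator sits under its `/actuator` base path; the log lines and IP addresses are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Legacy root-level path named in the report, plus the /actuator base path.
HEAPDUMP_PATHS = {"/heapdump", "/actuator/heapdump"}

# Combined log format (assumed): ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Drop the query string, percent-decode, lowercase, collapse slashes."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0]).lower()
    path = re.sub(r"/{2,}", "/", path)
    return path.rstrip("/") or "/"

def heapdump_hits(lines):
    """Per source IP: dumps served (HTTP 200), refused probes, bytes sent."""
    hits = defaultdict(lambda: {"served": 0, "probed": 0, "bytes": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize(m["target"]) not in HEAPDUMP_PATHS:
            continue
        entry = hits[m["ip"]]
        if m["status"] == "200":
            entry["served"] += 1
            entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        else:
            entry["probed"] += 1
    return dict(hits)

def exposed_sources(lines):
    """IPs that received a heap dump: treat secrets in process memory as leaked."""
    return sorted(ip for ip, h in heapdump_hits(lines).items() if h["served"])

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2025:10:00:01 +0000] "GET /heapdump HTTP/1.1" 200 157286400 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jul/2025:10:00:09 +0000] "GET /actuator/heapdump HTTP/1.1" 404 153 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jul/2025:10:02:00 +0000] "GET //heapdump?x=1 HTTP/1.1" 403 0 "-" "-"',
    '198.51.100.7 - - [01/Jul/2025:10:02:03 +0000] "GET /%68eapdump/ HTTP/1.1" 401 0 "-" "-"',
    '203.0.113.5 - - [01/Jul/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, h in heapdump_hits(SAMPLE_LOG).items():
        print(ip, h)
    print("received a dump:", exposed_sources(SAMPLE_LOG))
```

Any IP returned by `exposed_sources` received a copy of process memory, so credentials and tokens held by that service should be rotated in addition to closing the endpoint.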
