CISA Warns of Exploited Vulnerabilities in TeleMessage TM SGNL Platform

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory following the discovery of two actively exploited vulnerabilities in the TeleMessage TM SGNL platform—a secure messaging solution widely used for archiving communications across services like WhatsApp, Telegram, and Signal.

The vulnerabilities, tracked as CVE-2025-48927 and CVE-2025-48928, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, with a remediation deadline of July 22, 2025, for federal agencies.

Technical Breakdown:

  • CVE-2025-48927: This flaw is categorized as an Initialization of a Resource with an Insecure Default (CWE-1188). It stems from a misconfiguration of the Spring Boot Actuator in TeleMessage TM SGNL, which left the /heapdump endpoint exposed. Attackers exploiting this endpoint can access sensitive memory dumps, potentially leading to unauthorized data access or privilege escalation. The endpoint is reached with a plain HTTP request:

        GET /heapdump HTTP/1.1
        Host: vulnerable-telemessage-instance.com

  • CVE-2025-48928: Labeled as an Exposure of Core Dump File to an Unauthorized Control Sphere (CWE-528), this vulnerability is linked to the underlying JSP application. Here, the heap dump, functionally similar to a core dump, may contain sensitive data, such as passwords transmitted over HTTP, which can be retrieved by unauthorized parties if the dump is improperly secured. As the vulnerability description puts it: “The heap content is roughly equivalent to a ‘core dump’ in which a password previously sent over HTTP would be included in this dump.”

Mitigation Steps and Compliance Requirements

CISA’s Binding Operational Directive (BOD) 22-01 mandates Federal Civilian Executive Branch (FCEB) agencies to remediate these vulnerabilities by the deadline to prevent system compromise and data breaches.

While BOD 22-01 is mandatory for federal agencies, CISA strongly urges all organizations—public and private—to:

  • Identify all systems running TeleMessage TM SGNL.
  • Apply vendor-supplied patches or mitigation steps immediately.
  • Audit configurations to ensure no default or exposed endpoints remain.
  • Restrict access to diagnostic endpoints like /heapdump and secure core dump files with proper permissions.
  • Discontinue use of the product if mitigations are unavailable.
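Added here as an illustration (not configuration from TeleMessage, Spring or the advisory), the Spring Boot Actuator settings behind the CVE-2025-48927 misconfiguration and the audit step above: the wildcard exposure that publishes the heap dump endpoint, beside a hardened application.yml that disables it, allow-lists only the endpoints still needed and moves management traffic to a loopback-bound port. Property keys and endpoint ids are Spring Boot's; the profile name, port and the application itself are assumptions.

```yaml
# Added illustration, not configuration from TeleMessage or Spring: the Spring
# Boot Actuator properties that decide whether the heap dump endpoint is
# reachable. Property keys and endpoint ids are Spring Boot's (2.x/3.x);
# the application, port and profile name are hypothetical.

# Profile "exposed-example": the shape of configuration that publishes every
# Actuator endpoint, including the heap dump, to anyone who can reach the
# application port. Spring Boot 2.x/3.x serves it at /actuator/heapdump;
# Spring Boot 1.x served it at the root, /heapdump, as in the advisory.
spring:
  config:
    activate:
      on-profile: exposed-example
management:
  endpoints:
    web:
      exposure:
        include: "*"          # weak: wildcard exposure of all web endpoints
  endpoint:
    heapdump:
      enabled: true           # default; a full JVM heap on one GET request

---
# Default (hardened) document, in effect unless a profile selects the one above.
management:
  endpoints:
    enabled-by-default: false # nothing is on unless enabled below
    web:
      exposure:
        include: "health,info" # explicit allow-list, never "*"
        exclude: "heapdump,env,threaddump,shutdown"  # exclude wins over include
  endpoint:
    health:
      enabled: true
    info:
      enabled: true
    heapdump:
      enabled: false          # no heap dump endpoint in production at all
  server:
    port: 8081                # management traffic on its own port ...
    address: 127.0.0.1        # ... bound to loopback, so it is reachable only
                              # from the host (e.g. via an SSH tunnel), not from
                              # the interface that serves users
```

Auditing a deployment means checking the effective values of these keys (including environment-variable overrides such as MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE), not just the file checked into the repository.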

Failure to address these vulnerabilities could result in unauthorized access to sensitive communications, regulatory non-compliance, and significant operational disruptions.

Organizations are advised to align their security practices with CISA’s KEV Catalog and maintain regular threat monitoring to mitigate evolving cyber risks.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
