Hackers scanning for TeleMessage Signal clone flaw exposing passwords

Researchers are tracking exploitation attempts of the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which could expose sensitive data like usernames and passwords. Threat actors are actively scanning for vulnerable Spring Boot Actuator endpoints, highlighting ongoing security risks.

Key points

  • Exploitation attempts for CVE-2025-48927 have been detected in the TeleMessage SGNL app.
  • Threat actors are scanning for vulnerable Spring Boot Actuator endpoints, particularly the ‘/health’ endpoint.
  • The vulnerability allows downloading a Java heap dump containing sensitive data if endpoints are not properly restricted.
  • TeleMessage responded to the issue, but some on-premises installations remain vulnerable.
  • US authorities have added CVE-2025-48927 to the KEV catalog, urging federal agencies to implement mitigations.
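
For defenders reviewing their own TeleMessage or other Spring Boot deployments, the following added example (not from the article or from TeleMessage) triages web access logs for the probing described above and separates mere scans from requests where a heap dump was actually served. The log lines are constructed samples, and the `/actuator` prefix and `heapdump` endpoint name are the standard Spring Boot Actuator names, assumed here because the article names only ‘/health’.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jul/2025:08:01:12 +0000] "GET /actuator/health HTTP/1.1" 200 15 "-" "probe/1.0"
198.51.100.7 - - [10/Jul/2025:08:01:13 +0000] "GET /actuator/heapdump HTTP/1.1" 200 157286400 "-" "probe/1.0"
203.0.113.20 - - [10/Jul/2025:08:02:40 +0000] "GET /health HTTP/1.1" 404 0 "-" "probe/2.0"
203.0.113.20 - - [10/Jul/2025:08:02:41 +0000] "GET /heapdump HTTP/1.1" 401 0 "-" "probe/2.0"
192.0.2.55 - - [10/Jul/2025:08:03:00 +0000] "GET /login HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Health and heapdump endpoints, with or without the /actuator base path.
ACTUATOR_RE = re.compile(
    r'^(?:/actuator)?/(?P<endpoint>health|heapdump)/?(?:\?.*)?$', re.I
)

def triage(log_text):
    """Return {ip: {"probes": [(path, status)], "heapdump_served": bool}}."""
    findings = defaultdict(lambda: {"probes": [], "heapdump_served": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        hit = ACTUATOR_RE.match(m["path"])
        if not hit:
            continue  # ordinary application traffic
        entry = findings[m["ip"]]
        status = int(m["status"])
        entry["probes"].append((m["path"], status))
        # A 2xx on heapdump means the dump left the server:
        # treat every credential that was in memory as exposed.
        if hit["endpoint"].lower() == "heapdump" and 200 <= status < 300:
            entry["heapdump_served"] = True
    return dict(findings)

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        level = "INCIDENT" if info["heapdump_served"] else "scan"
        print(f"{level:8} {ip} {info['probes']}")
```

A source flagged with `heapdump_served` warrants credential rotation and incident handling rather than just blocking, since the dump contents are already in the requester's hands.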

Read More: https://www.bleepingcomputer.com/news/security/hackers-scanning-for-telemessage-signal-clone-flaw-exposing-passwords/