CISA has issued a warning about a security vulnerability in TeleMessage, a message archiving service used by government officials, that hackers have exploited. The flaw allows threat actors to access unencrypted chat logs, including private messages from critical organizations.
Affected: US government systems, TeleMessage users, Coinbase, customers, Border Protection employees
Key points
- CISA has disclosed a critical vulnerability (CVE-2025-47729) in TeleMessage that is actively being exploited in the wild.
- The flaw resides in TeleMessage’s server-side security, allowing hackers to access unencrypted chat logs, including messages from messaging apps like Signal, WhatsApp, and Telegram.
- Although TeleMessage claims its Signal-based app supports end-to-end encryption, research shows communications are not encrypted at the final archive destination.
- Hackers have exploited the vulnerability to collect private messages, notably from organizations like Coinbase and US Customs and Border Protection.
- In response, TeleMessage’s owner, Smarsh, has temporarily suspended all services pending an investigation.
- Federal agencies are mandated to patch vulnerabilities listed in the KEV catalog within three weeks, emphasizing the urgency of addressing this flaw.
- Users are advised to discontinue using TeleMessage services to mitigate security risks until patches are implemented.