The US cybersecurity agency CISA has identified multiple vulnerabilities in the TeleMessage messaging app and is urging organizations to apply patches immediately. These flaws, exploited by hackers in May 2025, expose user credentials and chat logs, posing significant security risks. #CISA #TeleMessage #CVE2025-47729 #CVE2025-48927 #CVE2025-48928
Key points
- CISA highlights two new vulnerabilities in the TeleMessage app that need urgent patching.
- The vulnerabilities involve exposed heap dump endpoints and memory snapshots that reveal sensitive data.
- Hackers demonstrated exploitation of these flaws in May 2025, extracting user credentials within 20 minutes.
- TeleMessage’s parent company suspended services after previous security issues related to encryption lapses.
- Federal agencies are mandated to patch these vulnerabilities by July 22, but all organizations are advised to do the same.
Read More: https://www.securityweek.com/cisa-warns-of-two-exploited-telemessage-vulnerabilities/