CISA has added TeleMessage TM SGNL flaws to its Known Exploited Vulnerabilities catalog, emphasizing the importance of addressing these security issues. These vulnerabilities include insecure resource initialization and exposure of core dump files, which have been exploited in real-world attacks. #TeleMessage #CISA #KEV #SpringBoot #CoreDump
Key points
- The TeleMessage TM SGNL vulnerabilities include CVE-2025-48927 and CVE-2025-48928.
- Real-world attacks exploited the insecure default configuration, which exposes the /heapdump endpoint.
- CISA requires federal agencies to fix these vulnerabilities by July 22, 2025.
- Private organizations are also advised to review and address these vulnerabilities in their systems.
- The flaws involve core dump exposure and insecure resource initialization in TeleMessage services.