🟢 CVE-2025-47729

The TeleMessage archiving backend stores cleartext copies of encrypted messages, contrary to documentation claiming end-to-end encryption. This is a data exposure vulnerability rather than a traditional exploitable security flaw: reaching the stored messages requires prior unauthorized access to the system.

Risk Level: LOW_RISK

CVSS Score: 1.9

Attack Vector: LOCAL

ATT&CK Tactic: Collection

ATT&CK Technique: T1005 — Data from Local System

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: MEDIUM

Exploitation Method: OTHER

CVE Published: 2025-05-08

Added to CISA KEV: 2025-05-12 (4 days between CVE and KEV)

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-47729 is a security vulnerability involving the TeleMessage archiving backend, which affected the TM SGNL (also known as Archive Signal) application [1].

Below is a summary of the known details regarding this vulnerability:

Vulnerability Overview and Impact
  • Nature of the Flaw: The vulnerability consisted of the TeleMessage archiving backend storing cleartext copies of messages from TM SGNL users [1]. This directly contradicted the product's documentation, which claimed "end-to-end encryption from the mobile phone through to the corporate archive" [5].
  • Impact: Successful exploitation allowed unauthorized access to sensitive, supposedly encrypted communications in plain text [3].
  • Severity: Despite its inclusion in the CISA Known Exploited Vulnerabilities (KEV) catalog, it has been noted for having a relatively low CVSS score (1.9) [4].

Exploitation and Threat Actor Usage
  • Active Exploitation: The vulnerability was actively exploited in the wild in May 2025 [1].
  • CISA KEV Catalog: Due to this active exploitation, CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog in May 2025 [2].
  • Targeted Attacks: Reports indicate that both security researchers and threat actors discovered and utilized this flaw [3]. There is no specific public information linking this vulnerability to widespread ransomware campaigns; however, its nature as a data exposure flaw makes it highly valuable for espionage or targeted intelligence gathering.

Attack Method and Requirements
  • Method: The vulnerability is characterized as a "hidden functionality" or design flaw where the backend failed to maintain the promised encryption standards [2].
  • Requirements: Because the data was stored in cleartext on the backend, exploitation generally involved gaining unauthorized access to the archiving platform where these messages were held, rather than requiring specific user interaction on the mobile device itself.

Affected Versions and Mitigation
  • Affected Versions: The vulnerability affected the TeleMessage archiving backend through May 5, 2025 [6].
  • Status: Users of the platform were advised to ensure their systems were updated beyond the affected versions to remediate the exposure of cleartext data.

Sources

  1. NVD - CVE-2025-47729

    The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL app users, which is different from the claimed end-to-end encryption. This vulnerability was exploited in the wild in May 2025 and is in CISA's Known Exploited Vulnerabilities Catalog.

  2. We added a TeleMessage TM SGNL hidden functionality ...

    We added a TeleMessage TM SGNL hidden functionality vulnerability, CVE-2025-47729, to our Known Exploited Vulnerabilities Catalog.

  3. CVE-2025-47729 - How TeleMessage's Archive Signal Exposed Users ...

    CVE-2025-47729 - How TeleMessage's Archive Signal Exposed Users’ Encrypted Messages in Plain Text In May 2025, security researchers and threat actors alike discovered a major vulnerability in TeleMessage’s enterprise compliance archiving platform, specifically in its integration with the TM SGNL app…

  4. Lowest-rated CVE-2025-47729 vulnerability in VulnCheck KEV

    A quick look at all known exploited vulnerabilities in VulnCheck KEV shows that today's entry, CVE-2025-47729, with a CVSS score of 1.9, is the lowest-rated ...

  5. CVE-2025-47729 : The TeleMessage archiving backend through 2025-05-05 ...

    The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exp…

  6. CVE-2025-47729 Detail - NVD

    The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users.