CVE-2025-48927 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-05-28

Added to CISA KEV: 2025-07-01 34 DAYS BETWEEN CVE AND KEV

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
CRITICAL: Immediately disable or secure Spring Boot Actuator endpoints, particularly /heapdump
Monitor network traffic for requests to /heapdump and other actuator endpoints
Patch to latest version immediately - this is actively exploited and on CISA KEV

Checking the Scope of CVE-2025-48927 - GreyNoise Labs
However, CVE-2025-48927 is remotely exploitable and requires no user interaction. It exists in TeleMessage TM SGNL, a Signal clone that archives ...
Flaw in Signal App Clone Could Leak Passwords
A vulnerability disclosed in May 2025, CVE-2025-48927 , affects certain deployments of TeleMessage TM SGNL, an enterprise messaging system modeled ...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability.
Known Exploited Vulnerabilities Catalog | CISA
HireVue Applicant Reasonable Accommodations Process. Hiring. Resume & Application Tips. Students & Recent Graduates. Veteran and Military Spouses.CVE-2025-48927.
Checking the Scope of CVE-2025-48927 – GreyNoise Labs
Checking the Scope of CVE-2025-48927 CVE-2025-48927 found in TeleMessage TM SGNL in May, and reported by KEV in July, allows attackers to trivially extract sensitive credentials via an unauthenticated, exposed /heapdump endpoint.

🔴 CVE-2025-48927