API Authentication Vulnerability in TeleMessage's Archiving Backend
CVE-2025-47730

4.8MEDIUM

Key Information:

Vendor: Telemessage
Status: Archiving Backend
Vendor: CVE Published:; 8 May 2025

🔔 Create Telemessage Vulnerability Alert

What is CVE-2025-47730?

The TeleMessage archiving backend has a security flaw that permits unauthorized API calls for authentication token requests. This vulnerability specifically arises when the TM SGNL application, designed for managing archived signals, utilizes hardcoded credentials to gain access, compromising user security. Such exposure could allow malicious entities to exploit the system and access sensitive user data without proper consent.

Affected Version(s)

archiving backend 0 <= 2025-05-05

References

https://news.ycombinator.com/item?id=43909220

https://arstechnica.com/security/2025/05/signal-clone-use...

https://www.theregister.com/2025/05/05/telemessage_invest...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
May 8, 2025