Authentication Flaw in TeleMessage Service Affects TM SGNL App
CVE-2025-48925

4.3MEDIUM

Key Information:

Vendor: Telemessage
Status: Service
Vendor: CVE Published:; 28 May 2025

🔔 Create Telemessage Vulnerability Alert

What is CVE-2025-48925?

The TeleMessage service, specifically the TM SGNL application, has a vulnerability that allows attackers to exploit client-side MD5 hashing used for authentication. By relying solely on this method, the service accepts the hash as a security credential, making it susceptible to unauthorized access. This flaw was actively exploited in May 2025, raising significant concerns about user data safety and compromise.

Affected Version(s)

service 0 <= 2025-05-05

References

https://www.wired.com/story/how-the-signal-knock-off-app-...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
May 28, 2025

JSON