User Data Exposure in TeleMessage Admin Panel by TeleMessage
CVE-2025-48926

4.3MEDIUM

Key Information:

Vendor: Telemessage
Status: Service
Vendor: CVE Published:; 28 May 2025

🔔 Create Telemessage Vulnerability Alert

What is CVE-2025-48926?

The TeleMessage service has a vulnerability in its admin panel that allows unauthorized access to sensitive user information, including usernames, email addresses, passwords, and telephone numbers. This issue has been actively exploited, putting users at risk of identity theft and privacy breaches. Timely patching and monitoring are essential to mitigate the impact of this vulnerability.

Affected Version(s)

service 0 <= 2025-05-05

References

https://www.wired.com/story/how-the-signal-knock-off-app-...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
May 28, 2025

JSON