Password Hashing Vulnerability in TeleMessage Service by TeleMessage
CVE-2025-48931

3.2LOW

Key Information:

Vendor: Telemessage
Status: Service
Vendor: CVE Published:; 28 May 2025

🔔 Create Telemessage Vulnerability Alert

What is CVE-2025-48931?

The TeleMessage service, up until May 5, 2025, employs MD5 for password hashing, which is outdated and susceptible to various attack vectors. An attacker can exploit this weakness through methods like rainbow table attacks, which require minimal computational resources, thereby posing a significant threat to user security and data integrity.

Affected Version(s)

service 0 <= 2025-05-05

References

https://www.wired.com/story/how-the-signal-knock-off-app-...

CVSS V3.1

Score:

3.2

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2025
Vulnerability Reserved
May 28, 2025

JSON