CISA has issued an urgent warning regarding two critical vulnerabilities in TeleMessage TM SGNL that threat actors are currently exploiting in active attack campaigns.
The vulnerabilities, tracked as CVE-2025-48927 and CVE-2025-48928, pose significant security risks to organizations using this communication platform, with CISA adding both flaws to its Known Exploited Vulnerabilities (KEV) catalog on July 1, 2025.
Key Takeaways
1. CVE-2025-48927 and CVE-2025-48928 expose sensitive data through insecure Spring Boot Actuator and JSP configurations in TeleMessage TM SGNL.
2. CISA confirmed active exploitation and set a remediation deadline of July 22, 2025, for federal agencies.
3. Apply vendor patches immediately or discontinue product use in accordance with BOD 22-01 guidance.
4. Unpatched systems risk data theft, privilege escalation, and potential ransomware attacks.
Organizations have until July 22, 2025, to implement mandatory mitigations or discontinue use of the affected product to protect their infrastructure from potential compromises.
Spring Boot Actuator Flaw (CVE-2025-48927)
The first vulnerability, CVE-2025-48927, is an initialization of a resource with an insecure default configuration flaw, classified under CWE-1188.
This critical security weakness stems from improper configuration of the Spring Boot Actuator component, which inadvertently exposes a sensitive heap dump endpoint accessible via the /heapdump URI path.
This misconfiguration allows unauthorized attackers to access memory dumps containing potentially sensitive information, including authentication credentials, session tokens, and other confidential data stored in the application's memory space.
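For defenders assessing exposure, the following added example (not from CISA or the vendor) scans web access logs for requests to the heap dump endpoint and separates dumps that were actually served from probes that were refused. It assumes logs in Combined Log Format; the function names and sample log lines are constructed for illustration, and the matcher accepts any path whose final segment is heapdump so that prefixed deployments are covered as well as the /heapdump path named above.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_heapdump_path(target: str) -> bool:
    """True if the last path segment is 'heapdump' (query string ignored)."""
    path = unquote(urlsplit(target).path)
    segments = [s for s in path.split("/") if s]
    return bool(segments) and segments[-1].lower() == "heapdump"

def find_heapdump_hits(lines):
    """Return one dict per heap dump request; 'served' marks a 200 with a body."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_heapdump_path(m["target"]):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append({
            "ip": m["ip"], "time": m["ts"], "target": m["target"],
            "status": int(m["status"]), "bytes": size,
            "served": m["status"] == "200" and size > 0,
        })
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [02/Jul/2025:10:01:12 +0000] "GET /heapdump HTTP/1.1" 200 157286400 "-" "curl/8.5.0"',
    '198.51.100.7 - - [02/Jul/2025:10:01:40 +0000] "GET /actuator/heapdump HTTP/1.1" 404 153 "-" "curl/8.5.0"',
    '203.0.113.9 - - [02/Jul/2025:10:05:03 +0000] "GET /heapdump?t=1 HTTP/1.1" 200 157286400 "-" "-"',
    '192.0.2.44 - - [02/Jul/2025:10:06:00 +0000] "GET /docs/heapdump-guide.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [02/Jul/2025:10:07:00 +0000] "HEAD /heapdump HTTP/1.1" 401 - "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for h in find_heapdump_hits(SAMPLE_LOG):
        flag = "DUMP SERVED" if h["served"] else "probe"
        print(f'{flag:11} {h["ip"]:15} {h["status"]} {h["bytes"]:>10} {h["target"]}')
```

Any entry marked as served means a copy of application memory left the host, so credentials and session tokens that were live at that time should be rotated.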
Core Dump Exposure Flaw (CVE-2025-48928)
The second vulnerability, CVE-2025-48928, involves the exposure of core dump files to unauthorized control spheres, categorized under CWE-528.
This flaw affects the platform's JSP (JavaServer Pages) application architecture, where heap content becomes accessible in a manner equivalent to traditional core dumps.
The vulnerability is particularly concerning because it can expose passwords and other sensitive authentication data that were previously transmitted over HTTP connections, creating a significant data exposure risk for organizations relying on TeleMessage TM SGNL for secure communications.

| CVE | Description | Affected Products | CVSS 3.1 Score |
|---|---|---|---|
| CVE-2025-48927 | An initialization of a resource with an insecure default vulnerability | TeleMessage TM SGNL | 5.3 (Medium) |
| CVE-2025-48928 | An exposure of core dump file to an unauthorized control sphere vulnerability | TeleMessage TM SGNL | 4.0 (Medium) |

Mitigations
CISA has classified both vulnerabilities as actively exploited threats, though the agency notes that their potential use in ransomware campaigns remains unknown at this time.
The federal cybersecurity agency strongly recommends that organizations immediately apply vendor-provided mitigations if available, emphasizing the critical nature of these security flaws.
Additionally, CISA advises organizations to follow applicable Binding Operational Directive (BOD) 22-01 guidance specifically related to cloud services security requirements.
For organizations unable to locate vendor mitigation instructions or those finding that adequate mitigations are unavailable, CISA recommends the more drastic step of discontinuing use of the TeleMessage TM SGNL product entirely.
This recommendation underscores the severity of the vulnerabilities and the potential impact on organizational security posture.
The July 22, 2025, deadline provides a narrow window for organizations to assess their exposure, implement appropriate security measures, and ensure compliance with federal cybersecurity directives while maintaining operational continuity during this critical remediation period.