CVE-2025-47730 — CVSS 4.8 (medium): The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive…
CVE-2025-48925 — CVSS 4.3 (medium): The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash…
CVE-2025-48926 — CVSS 4.3 (medium): The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and…
CVE-2025-48929 — CVSS 4.0 (medium): The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short…
CVE-2025-48931 — CVSS 3.2 (low): The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including…
CVE-2025-48930 — CVSS 2.8 (low): The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to…