Telemessage
CVE-2025-48931
LOW
Severity by source
AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.
AnalysisAI
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort. Rated low severity (CVSS 3.2), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-328. The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort. Affected products include: Smarsh Telemessage. Version information: through 2025.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Telemessage
View allThe TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM
The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content ma
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heap
The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses,
The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then
Same weakness CWE-328 – Use of Weak Hash
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today