0
CRITICAL
0
HIGH
1
MEDIUM
0
LOW
0
POC
1
KEV
Monthly
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.
Information Disclosure
Telemessage
NVD
CVSS 3.1
4.0
EPSS
8.3%
CVE-2025-48928
EPSS 8%
CVSS 4.0
MEDIUM
KEV
THREAT
Act Now
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.
Information Disclosure
Telemessage
NVD