← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-48928 — Actively Exploited: TM SGNL (TeleMessage)

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump.

CVE IDCVE-2025-48928
VendorTeleMessage
ProductTM SGNL
Vulnerability nameTeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
Date added2025-07-01
Remediation due2025-07-22
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionTeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →