CVE-2025-48928
Published: July 1, 2025
Official Description
TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump.
CISA KEV Advisory
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump.
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Risk Analysis
TeleMessage TM SGNL contains a vulnerability where a JSP application exposes heap content, potentially including sensitive information like passwords, similar to a core dump. Its inclusion in the KEV catalog indicates confirmed exploitation, making it an urgent data exposure risk.
This vulnerability is actively being exploited in the wild. The exposure of heap content could be remotely accessible depending on the application's configuration.
Apply the latest security updates for TeleMessage TM SGNL to prevent the exposure of sensitive information in core dump files.
Technical Analysis
CVE-2025-48928 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires some privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CISA has added CVE-2025-48928 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. U.S. federal agencies are required to patch this within the mandated timeframe, and all organizations should treat remediation as urgent.
Exploit & PoC Resources
All References (1)
Quick Facts
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2025-48928 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts
- !CISA KEV: Federal agencies must patch per BOD 22-01 timeline
- !Active exploitation confirmed — treat as P1