

Ethical Hacking News

The U.S. CISA Catalogs Newly Identified Vulnerabilities in TeleMessage TM SGNL: A Warning to Organizations to Address These Flaws


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, highlighting the need for organizations to address these flaws to prevent potential exploitation.

  • The U.S. CISA has added two vulnerabilities (CVE-2025-48927 and CVE-2025-48928) to its Known Exploited Vulnerabilities catalog for TeleMessage TM SGNL.
  • CVE-2025-48927 is an Initialization of a Resource with an Insecure Default Vulnerability with a CVSS score of 5.3.
  • CVE-2025-48928 is a Core Dump File to an Unauthorized Control Sphere Vulnerability with a CVSS score of 4.0.
  • These vulnerabilities pose a significant risk to the security of networks and devices that utilize TeleMessage TM SGNL.
  • Organizations must address these vulnerabilities by July 22, 2025, as per the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.


    The recent update from the Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a significant vulnerability in TeleMessage TM SGNL, a service used by various organizations. The U.S. CISA has added two flaws, CVE-2025-48927 and CVE-2025-48928, to its Known Exploited Vulnerabilities catalog. These vulnerabilities pose a substantial risk to the security of networks and devices that utilize TeleMessage TM SGNL.

    CVE-2025-48927 is an Initialization of a Resource with an Insecure Default Vulnerability, which allows attackers to exploit the misconfigured Spring Boot Actuator endpoint on TeleMessage TM SGNL. This vulnerability was first discovered in May 2025, and it has been reported that real-world attacks exploiting this flaw occurred during the same month. The severity of this vulnerability is rated at a CVSS score of 5.3.

    On the other hand, CVE-2025-48928 is a Core Dump File to an Unauthorized Control Sphere Vulnerability affecting TeleMessage TM SGNL. This vulnerability involves the exposure of core dump files, which contain sensitive information such as passwords previously sent over HTTP. The severity of this vulnerability is rated at a CVSS score of 4.0.
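
As an added defensive example (not from the article, CISA or TeleMessage), the following Python code audits a Spring Boot `application.properties` file for Actuator endpoints served over HTTP, the kind of misconfiguration described above for CVE-2025-48927. The `SENSITIVE` endpoint list (including `heapdump`, which the article does not name), the function names and both sample configs are assumptions, and the defaults assumed are those of Spring Boot 2.5 and later.

```python
import re

# Actuator endpoint ids that can expose memory contents, configuration or secrets.
SENSITIVE = {"heapdump", "threaddump", "env", "configprops", "mappings", "loggers"}
PREFIX = "management.endpoints.web.exposure."

def parse_properties(text):
    """Parse simple key=value / key:value lines, skipping # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def _ids(value):
    return {v.strip().lower() for v in value.split(",") if v.strip()}

def exposed_sensitive_endpoints(text):
    """Return the sorted sensitive endpoint ids this config serves over HTTP."""
    props = parse_properties(text)
    # Assumption: Spring Boot 2.5+ defaults, where only "health" is web-exposed.
    include = _ids(props.get(PREFIX + "include", "health"))
    exclude = _ids(props.get(PREFIX + "exclude", ""))
    if "*" in exclude:  # exclude takes precedence over include
        return []
    candidates = SENSITIVE if "*" in include else include & SENSITIVE
    exposed = []
    for ep in sorted(candidates - exclude):
        # A per-endpoint enabled=false switch removes the endpoint entirely.
        if props.get(f"management.endpoint.{ep}.enabled", "true").lower() != "false":
            exposed.append(ep)
    return exposed

# Constructed sample: wildcard exposure publishes every endpoint.
WEAK_CONFIG = """\
management.endpoints.web.exposure.include=*
management.endpoint.health.show-details=always
"""
# Constructed sample: explicit allow-list, heap dumps switched off.
HARDENED_CONFIG = """\
management.endpoints.web.exposure.include=health,info
management.endpoint.heapdump.enabled=false
"""

if __name__ == "__main__":
    print("weak:", exposed_sensitive_endpoints(WEAK_CONFIG))
    print("hardened:", exposed_sensitive_endpoints(HARDENED_CONFIG))
```

Any non-empty result is a configuration to review before deployment; an empty result only covers the properties file and says nothing about authentication in front of the Actuator paths.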

    These newly identified vulnerabilities in TeleMessage TM SGNL highlight the importance of regularly updating and patching software applications to prevent exploitation by malicious actors. According to the Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies are required to address these vulnerabilities by July 22, 2025.

    In addition to the U.S. CISA's warnings, experts recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure. This proactive approach will help prevent the exploitation of these flaws and ensure the security of networks and devices.

    Furthermore, it is essential for organizations to remain vigilant and monitor their systems for any signs of attacks exploiting these vulnerabilities. The use of advanced threat detection tools and implementing robust security measures can help mitigate the risks associated with these newly identified vulnerabilities.

    The recent update from the U.S. CISA serves as a reminder to organizations to prioritize cybersecurity and invest in the necessary measures to protect themselves against emerging threats. By taking proactive steps, organizations can minimize the risk of exploitation by malicious actors and ensure the continued security of their networks and devices.





  • Published: Wed Jul 2 09:22:31 2025 by llama3.2 3B Q4_K_M












