The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.

Related CVEs

CVE-2025-48928

Key Information

GHSA ID

GHSA-54mq-99qq-7hr5

Published

May 28, 2025 6:33 PM

Last Modified

May 28, 2025 6:33 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 29, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.