CVE-2025-47729
Published: 08 May 2025
Summary
CVE-2025-47729 is a low-severity Hidden Functionality (CWE-912) vulnerability in Telemessage Text Message Archiver. Its CVSS base score is 1.9 (Low).
Operationally, ranked in the top 11.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-28 (Protection of Information at Rest).
Deeper analysis
The vulnerability in CVE-2025-47729 affects the TeleMessage archiving backend through 2025-05-05, which stores cleartext copies of messages sent by users of the TM SGNL (Archive Signal) mobile application. This behavior contradicts the product's documentation claiming end-to-end encryption from the device through to the corporate archive. The issue is tracked under CWE-912 and carries a low CVSS 3.1 score of 1.9 due to its local attack vector, high attack complexity, and requirement for high privileges.
An attacker with access to the backend server or its storage can read message contents that should have remained encrypted. Exploitation requires compromising or having authorized access to the archiving infrastructure rather than targeting end-user devices directly, allowing disclosure of archived communications that were expected to be protected.
Public references indicate the flaw was exploited in the wild in May 2025, prompting TeleMessage to investigate and ultimately cease operations for the affected service. The vulnerability has been added to the CISA Known Exploited Vulnerabilities catalog, and reporting links the product to high-profile users including U.S. government officials relying on the Signal-compatible client.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14003
Vulnerability details
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation,…
more
as exploited in the wild in May 2025.
- CWE(s)
- KEV Date Added
- 12 May 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires cryptographic protection of information at rest, which would have prevented storage of message plaintext in the archiving backend.
Mandates use of cryptographic mechanisms to protect the confidentiality of stored data, countering the cleartext archiving flaw.
Requires proper cryptographic key management to support end-to-end encryption through to the archive as documented.