Cyber Resilience

CVE-2025-47729

LowCISA KEVActive ExploitationEUVD Exploited

Published: 08 May 2025

Published
08 May 2025
Modified
05 November 2025
KEV Added
12 May 2025
Patch
CVSS Score v3.1 1.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0415 88.9th percentile
Risk Priority 26 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-47729 is a low-severity Hidden Functionality (CWE-912) vulnerability in Telemessage Text Message Archiver. Its CVSS base score is 1.9 (Low).

Operationally, ranked in the top 11.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-13 (Cryptographic Protection) and SC-28 (Protection of Information at Rest).

Deeper analysis

The vulnerability in CVE-2025-47729 affects the TeleMessage archiving backend through 2025-05-05, which stores cleartext copies of messages sent by users of the TM SGNL (Archive Signal) mobile application. This behavior contradicts the product's documentation claiming end-to-end encryption from the device through to the corporate archive. The issue is tracked under CWE-912 and carries a low CVSS 3.1 score of 1.9 due to its local attack vector, high attack complexity, and requirement for high privileges.

An attacker with access to the backend server or its storage can read message contents that should have remained encrypted. Exploitation requires compromising or having authorized access to the archiving infrastructure rather than targeting end-user devices directly, allowing disclosure of archived communications that were expected to be protected.

Public references indicate the flaw was exploited in the wild in May 2025, prompting TeleMessage to investigate and ultimately cease operations for the affected service. The vulnerability has been added to the CISA Known Exploited Vulnerabilities catalog, and reporting links the product to high-profile users including U.S. government officials relying on the Signal-compatible client.

EU & UK References

Vulnerability details

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation,…

more

as exploited in the wild in May 2025.

CWE(s)
KEV Date Added
12 May 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

telemessage
text message archiver
≤ 2025-05-05

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires cryptographic protection of information at rest, which would have prevented storage of message plaintext in the archiving backend.

prevent

Mandates use of cryptographic mechanisms to protect the confidentiality of stored data, countering the cleartext archiving flaw.

prevent

Requires proper cryptographic key management to support end-to-end encryption through to the archive as documented.

References