Cyber Resilience

CVE-2025-48927

Severity: Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 28 May 2025
Modified: 05 November 2025
KEV Added: 01 July 2025
Patch: none listed
CVSS Score (v3.1): 5.3, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score: 0.0947 (93.0th percentile)
Risk Priority: 36 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-48927 is a medium-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in Smarsh TeleMessage. Its CVSS v3.1 base score is 5.3 (Medium).

Operationally, it ranks in the top 7.0% of CVEs by exploit likelihood (EPSS 93.0th percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-7 (Least Functionality).

Deeper analysis

CVE-2025-48927 affects the TeleMessage service through the version dated 2025-05-05. It stems from Spring Boot Actuator being left in an insecure default configuration that exposes the heap dump endpoint at the /heapdump URI (CWE-1188, Initialization of a Resource with an Insecure Default). Because the endpoint is reachable without authentication, anyone who can reach the service over the network can download a snapshot of the JVM heap.

An attacker needs only network connectivity: a single GET request to /heapdump, with no credentials and no user interaction, returns the dump. The CVSS 3.1 score of 5.3 reflects a low confidentiality impact with no integrity or availability effects; in practice the real exposure depends on what the process holds in memory at the moment of the dump, since a JVM heap dump contains every live object, including any credentials, session tokens or application data the service has in memory.

Public references confirm the flaw was exploited in the wild in May 2025; CISA added it to the Known Exploited Vulnerabilities catalog on 01 July 2025, and the reporting on the TeleMessage compromise documents the exposure. No vendor patch or mitigation details are provided in the available references beyond the catalog entry noting active exploitation. The standard remediation is to keep heapdump out of the set of web-exposed Actuator endpoints and to require authentication for whatever remains exposed.
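Because the page records in-the-wild exploitation but no indicators, the following is an added example (not from the advisory, Smarsh or TeleMessage) of how a responder can look for heap dump retrievals in reverse-proxy access logs. It assumes a combined log format in front of the Spring Boot application; the log lines are constructed for the example. It matches the endpoint on the last path segment so that both the default /actuator/heapdump and a root-level /heapdump, as in this CVE, are caught, and it separates successful multi-megabyte downloads from refused probes.

```python
"""Flag Actuator heap dump retrievals in constructed access-log lines (added example)."""
import re
from urllib.parse import unquote

# Combined log format: ip ident user [time] "METHOD target HTTP/x" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Actuator endpoint id, compared against the final path segment only, so
# /heapdump (this CVE) and /actuator/heapdump (the Spring Boot default) both match.
ENDPOINT_ID = "heapdump"

# Constructed sample: one root-level download, one refused probe, one
# percent-encoded download, and two unrelated requests that must not match.
SAMPLE_LOG = """\
203.0.113.7 - - [05/May/2025:09:12:01 +0000] "GET /actuator HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.7 - - [05/May/2025:09:12:03 +0000] "GET /heapdump HTTP/1.1" 200 734003200 "-" "curl/8.5.0"
198.51.100.20 - - [05/May/2025:09:20:44 +0000] "GET /actuator/HEAPDUMP?x=1 HTTP/1.1" 401 0 "-" "python-requests/2.32"
198.51.100.20 - - [05/May/2025:09:20:45 +0000] "GET /actuator/heap%64ump HTTP/1.1" 200 512000000 "-" "python-requests/2.32"
192.0.2.9 - - [05/May/2025:09:30:00 +0000] "GET /api/messages?page=2 HTTP/1.1" 200 8812 "-" "okhttp/4.12"
192.0.2.9 - - [05/May/2025:09:30:02 +0000] "GET /heapdumps/ HTTP/1.1" 404 312 "-" "okhttp/4.12"
"""


def normalize_path(target: str) -> str:
    """Drop the query string and fragment, percent-decode, lower-case, trim trailing slashes."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return unquote(path).lower().rstrip("/") or "/"


def is_heapdump_path(path: str) -> bool:
    """True when the last path segment is the heapdump endpoint id."""
    return path.rsplit("/", 1)[-1] == ENDPOINT_ID


def classify(status: str, nbytes: str) -> str:
    """Separate a real dump download from a probe that was refused or errored."""
    size = int(nbytes) if nbytes.isdigit() else 0
    if status == "200" and size > 1_000_000:
        return "retrieved"        # a heap dump is many megabytes; treat as confirmed disclosure
    if status == "200":
        return "suspicious-200"   # 200 but tiny: likely an error page, still worth a look
    return "probe"                # 401/403/404 etc.: someone tried, nothing left the host


def scan_log(text: str) -> list[dict]:
    """Return one finding per request whose path resolves to the heapdump endpoint."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m["target"])
        if not is_heapdump_path(path):
            continue
        findings.append({
            "ip": m["ip"], "ts": m["ts"], "path": path,
            "status": m["status"], "bytes": m["bytes"],
            "verdict": classify(m["status"], m["bytes"]),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']:<14} {f['verdict']:<15} {f['path']} {f['status']} {f['bytes']}")
```

The percent-decoding and case folding matter: a crawler that only greps for the literal string `/heapdump` misses `/actuator/heap%64ump`, which the application still serves. The size threshold is a heuristic; tune it to the dumps your JVM actually produces, and treat any "retrieved" verdict as a credential-exposure incident, not just a misconfiguration.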

Vulnerability details

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.

CWE(s): CWE-1188 (Initialization of a Resource with an Insecure Default)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: smarsh
Product: telemessage
Versions: all versions

Mitigating Controls (NIST 800-53 r5)

prevent (AC-3, Access Enforcement): Directly enforces access control on the /heapdump endpoint to block unauthenticated retrieval of memory contents.

prevent (CM-7, Least Functionality): Requires disabling unnecessary Spring Boot Actuator endpoints such as heapdump by default.

prevent: Mandates secure configuration settings that override insecure Actuator defaults exposing sensitive runtime data.
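The controls above come down to a handful of Actuator properties. The following is an added example (not the advisory's, Smarsh's or TeleMessage's code) that audits a Spring Boot 2.x/3.x `application.properties` for a web-exposed heapdump endpoint, with the weak configuration beside the hardened one. Assumptions: only the `.properties` format is handled (not YAML); the defaults encoded are the documented Actuator ones (endpoints enabled, only a small set such as `health` exposed over HTTP, base path `/actuator`), so heapdump becomes reachable only through an explicit include such as `*`; a root-level `/heapdump` as in this CVE is modelled as `management.endpoints.web.base-path=/`, since the page does not say how TeleMessage produced that path. A properties file cannot show whether Spring Security sits in front of the endpoint, so "exposed" here means reachable unless something else authenticates it. Both configuration samples are constructed.

```python
"""Audit Spring Boot Actuator properties for an HTTP-exposed heapdump endpoint (added example)."""
import re
from dataclasses import dataclass

# key=value or key: value; comments start with # or !
PROP_RE = re.compile(r"^\s*(?P<key>[^=:\s#!][^=:\s]*)\s*[=:]?\s*(?P<value>.*?)\s*$")


def parse_properties(text: str) -> dict[str, str]:
    """Minimal .properties parser (no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "!")):
            continue
        m = PROP_RE.match(line)
        if m:
            props[m["key"]] = m["value"]
    return props


def _csv(value: str) -> set[str]:
    return {v.strip() for v in value.split(",") if v.strip()}


def _flag(value, default: bool) -> bool:
    return default if value is None else value.strip().lower() == "true"


@dataclass
class Finding:
    exposed: bool
    path: str
    reason: str


def audit_heapdump(props: dict[str, str]) -> Finding:
    """Decide whether heapdump is enabled and included in the web-exposed endpoint set."""
    # management.endpoint.<id>.enabled overrides management.endpoints.enabled-by-default (default true)
    enabled = _flag(props.get("management.endpoint.heapdump.enabled"),
                    _flag(props.get("management.endpoints.enabled-by-default"), True))
    base = props.get("management.endpoints.web.base-path", "/actuator").rstrip("/")
    mapped = props.get("management.endpoints.web.path-mapping.heapdump", "heapdump").strip("/")
    path = f"{base}/{mapped}"
    if not enabled:
        return Finding(False, path, "heapdump endpoint disabled")
    # Assumed default exposure set: "health" only; exclude takes precedence over include.
    include = _csv(props.get("management.endpoints.web.exposure.include", "health"))
    exclude = _csv(props.get("management.endpoints.web.exposure.exclude", ""))
    if "*" in exclude or "heapdump" in exclude:
        return Finding(False, path, "heapdump excluded from web exposure")
    if "*" not in include and "heapdump" not in include:
        return Finding(False, path, "heapdump not included in web exposure")
    return Finding(True, path,
                   "heapdump enabled and exposed over HTTP; unauthenticated unless Spring Security protects it")


# Constructed samples: the weak one has the shape of this CVE (every endpoint
# exposed, served at the site root); the hardened one closes it three ways.
WEAK_CONFIG = """\
# exposes every actuator endpoint, at the root of the site
management.endpoints.web.exposure.include=*
management.endpoints.web.base-path=/
"""

HARDENED_CONFIG = """\
management.endpoints.web.exposure.include=health,info
management.endpoints.web.exposure.exclude=heapdump,env
management.endpoint.heapdump.enabled=false
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG), ("defaults", "")):
        f = audit_heapdump(parse_properties(cfg))
        print(f"{name:<9} exposed={str(f.exposed):<5} {f.path:<20} {f.reason}")
```

Run it against the properties files shipped with each deployment, not just the one in source control, since environment-specific overrides are where `include=*` tends to appear. Disabling the endpoint (`management.endpoint.heapdump.enabled=false`) is the CM-7 control; if a heap dump is genuinely needed for diagnostics, take it on the host with `jcmd` or `jmap` rather than exposing it over HTTP, and keep whatever Actuator surface remains behind Spring Security (the AC-3 control).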
