Cyber Resilience

CVE-2025-48928

MediumCISA KEVActive ExploitationEUVD Exploited

Published: 28 May 2025

Published
28 May 2025
Modified
05 November 2025
KEV Added
01 July 2025
Patch
CVSS Score v3.1 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score 0.0829 92.4th percentile
Risk Priority 33 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-48928 is a medium-severity Exposure of Core Dump File to an Unauthorized Control Sphere (CWE-528) vulnerability in Smarsh Telemessage. Its CVSS base score is 4.0 (Medium).

Operationally, ranked in the top 7.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

The vulnerability affects the TeleMessage service through 2025-05-05, which relies on a JSP application. In this implementation the application heap retains content comparable to a core dump, exposing passwords that were previously transmitted over HTTP. The issue is tracked as CVE-2025-48928 with CVSS 4.0 and is associated with CWE-528 and CWE-552.

An attacker with local access to the affected system can read the retained heap data without authentication or user interaction. This allows recovery of credentials sent in earlier HTTP requests, resulting in disclosure of sensitive authentication material.

The vulnerability was exploited in the wild in May 2025 and is listed in the CISA Known Exploited Vulnerabilities catalog. Public reporting describes TeleMessage as a Signal knock-off application whose heap exposure enabled rapid compromise of stored passwords.

EU & UK References

Vulnerability details

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in…

more

the wild in May 2025.

CWE(s)
KEV Date Added
01 July 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

smarsh
telemessage
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Mandates cryptographic protection of sensitive data (passwords) during transmission, eliminating plaintext HTTP storage in the JSP heap.

prevent

Requires clearing or protecting residual authentication data in shared memory resources such as the application heap after use.

prevent

Enforces memory protection mechanisms that limit unauthorized local access to retained sensitive information in process memory.

References