CVE-2025-48928
Published: 28 May 2025
Summary
CVE-2025-48928 is a medium-severity Exposure of Core Dump File to an Unauthorized Control Sphere (CWE-528) vulnerability in Smarsh TeleMessage. Its CVSS base score is 4.0 (Medium).
Operationally, it ranks in the top 7.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-4 (Information in Shared System Resources) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
The vulnerability affects the TeleMessage service through 2025-05-05, which relies on a JSP application. In this implementation the application heap retains content comparable to a core dump, exposing passwords that were previously transmitted over HTTP. The issue is tracked as CVE-2025-48928 with a CVSS base score of 4.0 and is associated with CWE-528 and CWE-552.
An attacker with local access to the affected system can read the retained heap data without authentication or user interaction. This allows recovery of credentials sent in earlier HTTP requests, resulting in disclosure of sensitive authentication material.
The vulnerability was exploited in the wild in May 2025 and is listed in the CISA Known Exploited Vulnerabilities catalog. Public reporting describes TeleMessage as a Signal knock-off application whose heap exposure enabled rapid compromise of stored passwords.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-16214
Vulnerability details
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
- CWE(s): CWE-528, CWE-552
- KEV Date Added: 01 July 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- Mandates cryptographic protection of sensitive data (passwords) during transmission, eliminating plaintext HTTP storage in the JSP heap.
- Requires clearing or protecting residual authentication data in shared memory resources such as the application heap after use.
- Enforces memory protection mechanisms that limit unauthorized local access to retained sensitive information in process memory.