PULSE
LIVE22signals / 24h
FEED
ransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Servicesransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomkrybit reclama a eitzchaim.com · IL · Not Foundransomkrybit reclama a formasuniversales.com · MX · Business Servicesransomkrybit reclama a rehabmalaysia.com · MY · Healthcareransomkrybit reclama a www.lagus.cz · CZ · Business Services
← All CVEs
CVE Watch

CVE-2025-48927

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

CVSS

No CVSS

EPSS

8.5%

p94

KEV

YES

Jul 1, 2025

Exploit Today

78

0-100

Published: · Last modified:

EPSS · 30d
7.9%EPSS · 30 days8.5%
2026-06-302026-07-16
KEV catalog record

Product

TeleMessage / TM SGNL

Vulnerability

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

Added to KEV

Jul 1, 2025

Remediate by

Jul 22, 2025

Known ransomware use

No

Summary description

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes

It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-48927

Related CVEs
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-47729
33.0%
KEV60TeleMessage TM SGNL Hidden Functionality Vulnerability
CVE-2025-48928
28.9%
KEV59TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability