CVE-2025-47729 LOW

CVE-2025-47729

Vendor Telemessage
Product archiving backend
Weakness CWE-912
KEV Status Known Exploited
Published May 8, 2025
Last update October 21, 2025

CVSS base score

1.9/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

May 8, 2025 CVE published
October 21, 2025 Record updated