CVE-2025-48925 MEDIUM

CVE-2025-48925

Vendor Telemessage
Product service
Weakness CWE-836
Published May 28, 2025
Last update July 1, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.

Key dates

02Disclosure timeline

May 28, 2025 CVE published
July 1, 2025 Record updated