CVE-2025-47729
CVSS Score
1.9
EPSS Score
0.0%
EPSS Percentile
0th
The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.
| CWE | CWE-912 |
| Vendor | telemessage |
| Product | archiving backend |
| Published | May 8, 2025 |
| Last Updated | Oct 21, 2025 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for telemessage archiving backend
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-47729.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
TeleMessage / archiving backend
0 โค 2025-05-05
References
news.ycombinator.com: https://news.ycombinator.com/item?id=43909220 arstechnica.com: https://arstechnica.com/security/2025/05/signal-clone-used-by-trump-official-stops-operations-after-report-it-was-hacked/ theregister.com: https://www.theregister.com/2025/05/05/telemessage_investigating/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47729