NVD disclosure day

Published threat advisories for May 28, 2025

CVE-2025-48928

TeleMessage Service Password Exposure Risk

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the TeleMessage service may expose passwords sent over HTTP. Exploited in May 2025, this affects organizations by potentially compromising credentials and systems. The realistic business risk involves unauthorized access to sensitive data due to the exposure of password information within the service

NVD published: May 28, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2025-48927

TeleMessage Service Information Disclosure.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

The TeleMessage service has a vulnerability in its Spring Boot Actuator that exposes a heap dump endpoint. This allows unauthorized access to sensitive information, posing a risk to affected organizations and their data. The vulnerability was exploited in May 2025.

NVD published: May 28, 2025 • CISA KEV