logo
Back to News
TeleMessage App Under Fire: Hackers Exploit Security Flaw

TeleMessage App Under Fire: Hackers Exploit Security Flaw

Security

A new report from GreyNoise reveals that hackers continue to target the TeleMessage app by exploiting the CVE-2025-48927 vulnerability. TeleMessage, similar to Signal, provides chat archiving for compliance purposes and has faced ongoing security challenges.

Active Exploit Attempts

GreyNoise's monitoring has detected 11 IP addresses attempting to exploit the vulnerability since April. Additionally, reconnaissance efforts are widespread, with 2,009 IPs searching for Spring Boot Actuator endpoints and 1,582 IPs specifically targeting the /health endpoints.

The Vulnerability

The vulnerability allows unauthorized data extraction due to the platform's use of a legacy confirmation in Spring Boot Actuator. The diagnostic /heapdump endpoint is publicly accessible without authentication, posing a significant security risk.

TeleMessage Background

Based in Israel, TeleMessage was acquired by US-based Smarsh in 2024. However, a security breach in May led to a temporary suspension of services after files were stolen from the app.

Impact and Recommendations

According to Howdy Fisher from GreyNoise, TeleMessage has patched the vulnerability, but patch timelines may vary. Given that TeleMessage users include government organizations and enterprises, such as former US government officials, US Customs and Border Protection, and crypto exchange Coinbase, the impact of this vulnerability is substantial.

GreyNoise Recommendations:

  • Block malicious IPs.
  • Disable or restrict access to the /heapdump endpoint.
  • Limit exposure to Actuator endpoints.

Rising Crypto Thefts in 2025

Chainalysis reports that over $2.17 billion has been stolen in crypto so far in 2025. This includes physical “wrench attacks” on Bitcoin holders and hacks of crypto exchanges like Bybit in February.

Credential theft often involves phishing attacks, malware, and social engineering tactics.

Securing Your Blockchain Projects with Codeum

At Codeum, we understand the importance of robust security in the blockchain space. We offer comprehensive smart contract audits, KYC verification, and custom smart contract and DApp development to help you secure your projects. Our tokenomics and security consultation services ensure your platform is resilient against potential threats.

Partner with Codeum to protect your blockchain ventures. Learn more about our services.

Tags

#TeleMessage#Security Vulnerability#Crypto Security#GreyNoise#Blockchain Security#Codeum#CVE-2025-48927
Share this article

Related News

UXLINK Token Plunges After $11M Multisig Wallet Hack
Security

UXLINK Token Plunges After $11M Multisig Wallet Hack

New Gold Protocol Plunges After $2M Flash Loan Exploit
Security

New Gold Protocol Plunges After $2M Flash Loan Exploit

Solana's Yakovenko: Bitcoin Needs Quantum Defense by 2030
Security

Solana's Yakovenko: Bitcoin Needs Quantum Defense by 2030