Hacker reconnaissance work continues on TeleMessage app vulnerability — Report

TeleMessage App Vulnerability: Hackers Intensify Reconnaissance Efforts

A critical vulnerability in the TeleMessage app continues to be a target for malicious actors. Recent reports indicate a surge in reconnaissance activities, suggesting potential exploitation attempts are underway.

Exploitation Attempts Detected

According to a new threat intelligence report, at least 11 IP addresses have been identified actively attempting to exploit the vulnerability, tracked as CVE-2025-48927, since April.

Widespread Reconnaissance Activity

Beyond direct exploitation attempts, a significant number of IP addresses appear to be engaged in reconnaissance, scanning for vulnerable systems. The report highlights that:

  • Over the past 90 days, 2,009 IP addresses have scanned for Spring Boot Actuator endpoints.
  • Specifically, 1,582 IP addresses have targeted /health endpoints, which are often used to detect Spring Boot Actuator deployments.

This widespread scanning activity indicates a coordinated effort to identify and potentially exploit vulnerable TeleMessage installations.
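
One way to check your own web access logs for the Actuator and /health probing described above, as an added example that is not taken from the report. The combined log format, the sample lines, the allowlist of expected health-check callers and the `min_hits` threshold are all assumptions.

```python
import re
from collections import defaultdict

# Assumed input: combined log format (client IP first, request line quoted).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')
# Actuator discovery paths: anything under /actuator, or a bare /health.
PROBE_RE = re.compile(r'^/(?:actuator(?:/[^?]*)?|health)/?(?:\?.*)?$', re.I)

def find_actuator_probes(lines, allowlist=frozenset(), min_hits=2):
    """Group Actuator-style requests by client IP.

    allowlist holds expected callers (load balancers, uptime monitors);
    min_hits is an assumed threshold that drops one-off requests.
    Returns {ip: {"hits": int, "paths": [...], "exposed": [...]}} where
    "exposed" lists probed paths this server answered with HTTP 200.
    """
    seen = defaultdict(lambda: {"hits": 0, "paths": set(), "exposed": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["ip"] in allowlist or not PROBE_RE.match(m["path"]):
            continue
        path = m["path"].split("?", 1)[0].rstrip("/").lower()
        rec = seen[m["ip"]]
        rec["hits"] += 1
        rec["paths"].add(path)
        if m["status"] == "200":
            rec["exposed"].add(path)
    return {ip: {"hits": r["hits"], "paths": sorted(r["paths"]),
                 "exposed": sorted(r["exposed"])}
            for ip, r in seen.items() if r["hits"] >= min_hits}

# Constructed sample lines (documentation-range IPs), not data from the report.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jul/2025:10:00:00 +0000] "GET /health HTTP/1.1" 200 15 "-" "lb-check"',
    '10.0.0.5 - - [01/Jul/2025:10:00:30 +0000] "GET /health HTTP/1.1" 200 15 "-" "lb-check"',
    '198.51.100.7 - - [01/Jul/2025:10:01:02 +0000] "GET /actuator/health HTTP/1.1" 200 15 "-" "-"',
    '198.51.100.7 - - [01/Jul/2025:10:01:03 +0000] "GET /actuator HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.7 - - [01/Jul/2025:10:01:04 +0000] "GET /health HTTP/1.1" 200 15 "-" "-"',
    '203.0.113.9 - - [01/Jul/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jul/2025:10:02:05 +0000] "GET /health HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in find_actuator_probes(SAMPLE_LOG, allowlist={"10.0.0.5"}).items():
        print(ip, info)
```

A non-empty `exposed` list for a client outside the allowlist means the server answered an Actuator-style path for an unexpected caller, which is the case to review first.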

What is TeleMessage?

TeleMessage is a messaging application often used in professional contexts. The vulnerability, if successfully exploited, could allow unauthorized access to sensitive data, highlighting the potential risks for users.

Summary:

  • Hackers are actively trying to exploit a vulnerability in the TeleMessage app.
  • At least 11 IP addresses have been detected attempting direct exploitation.
  • Thousands of other IP addresses are conducting reconnaissance, searching for vulnerable systems.

Key Takeaways:

  • The TeleMessage vulnerability remains a significant security risk.
  • Organizations using TeleMessage should urgently review their security posture and apply necessary patches.
  • Vigilance and proactive monitoring are crucial to detect and mitigate potential exploitation attempts.
  • The widespread reconnaissance activity suggests a coordinated and potentially large-scale attack.