Technology

Hacker reconnaissance work continues on TeleMessage app vulnerability — Report

Posted on by Minakshi

TeleMessage App Vulnerability Under Active Hacker Scrutiny: Report

Ongoing Exploitation Attempts Target Messaging App

A concerning report has surfaced indicating continued attempts to exploit a vulnerability, identified as CVE-2025-48927, within the TeleMessage application. This vulnerability potentially exposes user data and system integrity to malicious actors.

Multiple IP Addresses Involved in Exploitation and Reconnaissance

According to the latest intelligence, at least 11 IP addresses have been actively engaged in attempting to exploit this vulnerability since April. Furthermore, a significantly larger number of IP addresses are suspected of conducting reconnaissance activities.

These reconnaissance efforts involve scanning for Spring Boot Actuator endpoints, with 2,009 IPs having searched for these endpoints in the last 90 days. Specifically, 1,582 IPs targeted the /health endpoint, a common indicator of Spring Boot Actuator deployments.

Potential Risks and Mitigation

The ongoing exploitation attempts and reconnaissance activities pose a significant risk to users of the TeleMessage application. This could lead to:

  • Data breaches and exposure of sensitive information
  • Unauthorized access to user accounts
  • Compromised system functionality

Users are strongly advised to ensure their TeleMessage app is updated to the latest version with relevant security patches. Organizations using TeleMessage for official communications should review their security protocols and monitor for suspicious activity.

Summary:

  • Hackers are actively attempting to exploit a vulnerability (CVE-2025-48927) in the TeleMessage app.
  • At least 11 IP addresses have been directly involved in exploitation attempts.
  • Thousands of other IPs are suspected of reconnaissance activities, scanning for vulnerable endpoints.
Key Takeaways:

  • The TeleMessage app vulnerability is actively being targeted by malicious actors, indicating an ongoing threat.
  • The scale of the reconnaissance suggests a widespread interest in exploiting this vulnerability.
  • Immediate action is crucial for users and organizations to mitigate the risks associated with this vulnerability, including updating the app and reviewing security measures.
  • This incident highlights the importance of regular security audits and proactive vulnerability management for all applications, especially those handling sensitive data.