Hacker reconnaissance work continues on TeleMessage app vulnerability — Report

TeleMessage App Vulnerability: Hackers Intensify Reconnaissance, Posing Data Breach Risks

Concerns are mounting over a significant security vulnerability affecting the TeleMessage messaging app. A recent report indicates a surge in malicious activity, with hackers actively seeking to exploit a known flaw, designated CVE-2025-48927.

Exploitation Attempts on the Rise

The report highlights that at least 11 IP addresses have been identified attempting to directly exploit the vulnerability since April. This signifies a clear and present danger to user data and app security.

Widespread Reconnaissance Activity Detected

Beyond direct exploitation attempts, a far greater number of IP addresses appear to be engaged in reconnaissance activities. This involves probing the TeleMessage infrastructure for potential weaknesses. Specifically:

• Over 2,000 IP addresses have scanned for Spring Boot Actuator endpoints in the last 90 days.
• 1,582 IPs have specifically targeted the /health endpoints, commonly used to detect Spring Boot Actuator deployments.

These reconnaissance efforts suggest a broader campaign to identify and exploit vulnerabilities within the TeleMessage app, potentially leading to widespread data breaches and privacy violations.

What Does This Mean for Indian Users?

Given the popularity of messaging apps for both personal and professional communication in India, this vulnerability poses a significant risk. Users are urged to:

• Ensure their TeleMessage app is updated to the latest version, if updates are available.
• Be cautious of suspicious links or messages received through the app.
• Monitor their accounts for any unusual activity.

The government and cybersecurity agencies are likely monitoring the situation and may issue further advisories. Vigilance and proactive security measures are crucial during this period.