CVE-2025-48925
MEDIUMDescription
The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential.
Is your site exposed to CVE-2025-48925?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| smarsh | telemessage |
References
Frequently Asked Questions
What is CVE-2025-48925? +
How severe is CVE-2025-48925? +
What products are affected by CVE-2025-48925? +
How do I check if I'm vulnerable to CVE-2025-48925? +
Related Vulnerabilities
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from …
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other …
E3 Site Supervisor Control (firmware version < 2.31F01) application services (MGW and RCI) uses client side hashing for authentication. An …
OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve …
A use of password hash instead of password for authentication vulnerability [CWE-836] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb …
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as …