CVE-2025-48931
LOWDescription
The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| smarsh | telemessage |
References
Frequently Asked Questions
What is CVE-2025-48931? +
How severe is CVE-2025-48931? +
What products are affected by CVE-2025-48931? +
How do I check if I'm vulnerable to CVE-2025-48931? +
Related Vulnerabilities
### Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of …
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only …
LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause …
MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making …
Redeight CMS version 1.0 uses the MD5 algorithm without a salt to store user passwords. Because MD5 is a cryptographically …
free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up …