TeleMessage: Exposed Actuator /heapdump Endpoint Allows Heap Dump Leak
CVE-2025-48927 Published on May 28, 2025
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
Known Exploited Vulnerability
This TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI.
The following remediation steps are recommended / required by July 22, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
Insecure Default Initialization of Resource
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
Products Associated with CVE-2025-48927
Want to know whenever a new CVE is published for Smarsh Telemessage? stack.watch will email you.
Affected Versions
TeleMessage service:- Before and including 2025-05-05 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.