MidnightBSD

Advisories for telemessage

CVE-2025-47729

The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of messages from TM SGNL (aka Archive Signal) app users, which is different functionality than described in the TeleMessage "End-to-End encryption from the mobile phone through to the corporate archive" documentation, as exploited in the wild in May 2025.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@mitre.org 1.9 LOW CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 0.5 1.4
nvd@nist.gov 4.9 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N 1.2 3.6

Products Affected

Vendor Product Version
telemessage text_message_archiver *