{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-48925", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-28T17:18:37.916Z", "dateReserved": "2025-05-28T00:00:00.000Z", "datePublished": "2025-05-28T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "service", "vendor": "TeleMessage", "versions": [{"lessThanOrEqual": "2025-05-05", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-836", "description": "CWE-836 Use of Password Hash Instead of Password for Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-05-28T16:54:09.037Z"}, "references": [{"url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/"}], "tags": ["exclusively-hosted-service"], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-28T17:17:21.167368Z", "id": "CVE-2025-48925", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T17:18:37.916Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-48925", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-28T17:17:21.167368Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T17:18:19.891Z"}}], "cna": {"tags": ["exclusively-hosted-service"], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "TeleMessage", "product": "service", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2025-05-05"}], "defaultStatus": "unknown"}], "references": [{"url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-836", "description": "CWE-836 Use of Password Hash Instead of Password for Authentication"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-05-28T16:54:09.037Z"}}}, "cveMetadata": {"cveId": "CVE-2025-48925", "state": "PUBLISHED", "dateUpdated": "2025-05-28T17:18:37.916Z", "dateReserved": "2025-05-28T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-05-28T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["exclusively-hosted-service"]}], "descriptions": [{"lang": "en", "value": "The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025."}], "id": "CVE-2025-48925", "lastModified": "2025-05-29T14:29:50.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-05-28T17:15:24.450", "references": [{"source": "[email protected]", "url": "https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-836"}], "source": "[email protected]", "type": "Primary"}]}

{}