CVE-2025-48928

Exposure of Core Dump File to an Unauthorized Control Sphere

Published: May 28, 2025 | Modified: May 28, 2025
CVSS 3.x: N/A (Source: NVD)

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a core dump, and a password previously sent over HTTP would be included in this dump. This was exploited in the wild in May 2025.

Weakness

The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.
