The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a core dump in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors.