- Hackers continue exploiting a key vulnerability in TeleMessage, affecting critical endpoints.
- The flaw enables attackers to extract data from unprotected systems using the Spring Boot Actuator framework.
- GreyNoise detected 11 IPs actively trying to exploit the bug, and over 2,000 performing related scans since April.
- TeleMessage reported patching the vulnerability after a security breach led to stolen files in May 2024.
- Chainalysis reports over $2.17 billion lost to crypto theft in 2025, driven by social engineering and Malware.
Hackers are working to exploit a vulnerability, known as CVE-2025-48927, in the TeleMessage messaging app. A report from threat intelligence firm GreyNoise confirms that attackers continue to target this flaw, which allows unauthorized data extraction from affected systems.
The issue stems from the Spring Boot Actuator framework, where a diagnostic endpoint called /heapdump was publicly accessible without a password. According to GreyNoise, their monitoring detected 11 IP addresses attempting direct exploits of the flaw since April. In addition, over 2,000 other IP addresses searched for Actuator endpoints, with 1,582 focusing on the /health feature that helps find vulnerable installations.
The GreyNoise team told Cointelegraph that the problem comes from using old confirmation methods in Spring Boot Actuator, making the /heapdump endpoint easy for Hackers to reach. “TeleMessage has stated that the vulnerability has been patched on their end,” said Howdy Fisher from GreyNoise. “However, patch timelines can vary depending on a variety of factors.”
TeleMessage, which operates similarly to Signal but offers chat archiving for compliance, is used by government organizations and companies such as US Customs and Border Protection and crypto exchange Coinbase. In May 2024, the app suspended services after a security breach led to files being stolen. The company was acquired by US-based Smarsh earlier in the year, as noted in a press release.
GreyNoise recommends users block suspicious IPs and restrict access to the /heapdump endpoint. Limiting exposure to all Actuator endpoints can also help prevent attacks, according to their report.
Cybersecurity threats targeting crypto users are on the rise in 2025. According to a report by Chainalysis, over $2.17 billion has been stolen through various methods including phishing, malware, and physical attacks. High-profile cases include the Bybit exchange hack in February. Users of vulnerable apps may include former US government officials, as highlighted in this NBC report.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- China’s Massistant Tool Targets Seized Phones for Data Extraction
- India Rejects BRICS De-Dollarization, Supports US Dollar in Trade
- GMU SECSAT Lab Selects Theta EdgeCloud Hybrid for AI Research
- Bitcoin Core Patch Ends Five-Year Disk Fill Attack Bug on Nodes
- Charles Schwab Explores Launching Stablecoin, Eyes Crypto ETFs
