CVE-2025-47729MEDIUM 4.9CISA KEVEPSS p31.3%

CVE-2025-47729TeleMessage TM SGNL Hidden Functionality Vulnerability

TeleMessage / TM SGNL

Description

TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.

Scoring

CVSS 3.14.9 (MEDIUM)
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS0.40% probability of exploitation · percentile 31.3% · 2026-06-19T12:03:05Z
Published2025-05-08
Last modified2025-11-05

CISA KEV entry

Added to KEV: 2025-05-12

Underlying weaknesses· 1

CWE-912

References

  1. https://arstechnica.com/security/2025/05/signal-clone-used-by-trump-official-stops-operations-after-report-it-was-hacked/
  2. https://news.ycombinator.com/item?id=43909220
  3. https://www.theregister.com/2025/05/05/telemessage_investigating/
  4. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-47729

1

TypeTargetConfidenceTier
WeaknessHidden Functionalitycwe-9120%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryTeleMessage TM SGNL Hidden Functionality Vulnerabilitykev-cve-2025-477290%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability
CVE
CVE-2025-48929
CVE
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
CVE
CVE-2026-37579
CVE
CVE-2026-21025
CVE
CVE-2025-1532
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.