CVE-2025-55443 · CRITICAL 9.1 · EPSS p13.1%

Description

Telpo MDM 1.4.6 through 1.4.9 for Android stores sensitive administrator credentials and MQTT server connection details (IP/port) in plaintext within log files on the device's external storage. This allows attackers with access to these logs to:

  1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation);
  2. Connect to the MQTT server to intercept/publish device data.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.23% probability of exploitation · percentile 13.1% · 2026-06-18T12:00:27Z
Published: 2025-08-26
Last modified: 2025-09-09

Underlying weaknesses · 1

CWE-312

References

  1. https://gist.github.com/raiji1n/a2ce5dd46c312e3bd38b9b2446b95860

Type: Weakness · Target: Cleartext Storage of Sensitive Information (cwe-312) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-65826
  2. CVE-2025-56447
  3. CVE-2025-10681
  4. CVE-2025-53558
  5. CVE-2025-1242
  6. CVE-2025-0593

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.