
Security Affairs

U.S. CISA adds TeleMessage TM SGNL to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a TeleMessage TM SGNL flaw, tracked as CVE-2025-47729 (CVSS score of 1.9), to its Known Exploited Vulnerabilities (KEV) catalog. “The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of […]

[Image: a screenshot provided by the hacker. Source: 404 Media]

The exposed TeleMessage data includes message contents, government contact info, backend credentials, and client clues. The messages came from the modified Signal app and include political and crypto-related discussions, such as chats involving Galaxy Digital and U.S. Senate bill deliberations. The hacker gained access to debug data from TeleMessage that included fragments of live, unencrypted messages. 404 Media verified the breach by contacting CBP officials listed in the data, confirming its authenticity.

“The server that the hacker compromised is hosted on Amazon AWS’s cloud infrastructure in Northern Virginia. By reviewing the source code of TeleMessage’s modified Signal app for Android, 404 Media confirmed that the app sends message data to this endpoint,” the outlet concludes. “404 Media also made an HTTP request to this server to confirm that it is online.”

Journalist Micah Lee analyzed TeleMessage’s Signal clone, finding hardcoded credentials and license concerns. He accessed its Android source via a leaked URL. Other researchers later found iOS code. The app may violate Signal’s open-source terms. Meanwhile, Waltz, linked to Signal misuse, was reassigned.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure. CISA orders federal agencies to fix these vulnerabilities by June 2, 2025.

Pierluigi Paganini (SecurityAffairs hacking, CISA)

Published: 2025-05-12T20:09:22










