TeleMessage App Vulnerability: Hackers Exploit Spring Boot Actuator Flaw
A recent report by GreyNoise reveals that hackers are actively exploiting the CVE-2025-48927 vulnerability in the TeleMessage app. Since April, at least 11 IP addresses have attempted to exploit this flaw, and over 2,000 IP addresses have conducted reconnaissance. The vulnerability enables unauthorized data extraction because the /heapdump endpoint in Spring Boot Actuator is left unsecured.
Understanding the Security Flaw
The issue arises from a legacy configuration in Spring Boot Actuator, which leaves the /heapdump endpoint publicly accessible without authentication. TeleMessage, now owned by Smarsh after its 2024 acquisition, serves government and enterprise clients. While the company has patched the vulnerability, the rollout timeline varies.
Protective Measures Against Exploitation
GreyNoise advises taking these steps to mitigate risks:
- Block identified malicious IP addresses
- Restrict or disable access to the /heapdump endpoint
- Minimize exposure to Actuator endpoints
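To check your own services against the second and third steps, the sketch below audits the text of a Spring Boot application.properties file for settings that can leave the heap dump endpoint reachable. It is an added example, not code from GreyNoise or TeleMessage; the sample configurations are constructed, and the legacy check assumes Spring Boot 1.x property names.

```python
import re

def parse_properties(text):
    """Parse .properties text into a dict (keys and values lower-cased)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0].lower()] = parts[1].strip().lower() if len(parts) == 2 else ""
    return props

def audit_heapdump(text):
    """Return findings for settings that can expose the heap dump endpoint."""
    p = parse_properties(text)

    def ids(key):  # comma-separated endpoint ids as a set
        return {v.strip() for v in p.get(key, "").split(",") if v.strip()}

    findings = []
    include = ids("management.endpoints.web.exposure.include")
    exclude = ids("management.endpoints.web.exposure.exclude")
    # Spring Boot 2.x/3.x: "*" selects every endpoint; exclude overrides include.
    exposed = bool(include & {"*", "heapdump"}) and not (exclude & {"*", "heapdump"})
    # enabled=false, or access=none on 3.4+, removes the endpoint altogether.
    off = (p.get("management.endpoint.heapdump.enabled") == "false"
           or p.get("management.endpoint.heapdump.access") == "none")
    if exposed and not off:
        findings.append("heapdump exposed over HTTP: verify it requires authentication")
    # Assumption: Spring Boot 1.x property names, where heapdump is on by default.
    if (p.get("management.security.enabled") == "false"
            and p.get("endpoints.heapdump.enabled") != "false"):
        findings.append("legacy: actuator security disabled, /heapdump unauthenticated")
    return findings

# Constructed sample configurations (not taken from any real deployment).
WEAK = "management.endpoints.web.exposure.include=*\n"
LEGACY = "# Spring Boot 1.x style\nmanagement.security.enabled=false\n"
HARDENED = """\
management.endpoints.web.exposure.include=health
management.endpoint.heapdump.access=none
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit_heapdump(cfg) or "no heap dump exposure found")
```

A clean result only covers the properties file; exposure can also be set through environment variables, YAML or command-line arguments, so confirm against the running service as well.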
The Bigger Cybersecurity Picture
This incident highlights the increasing sophistication of cyber threats. In 2025 alone, crypto-related thefts surpassed $2.17 billion. Attackers continue to employ phishing, malware, and social engineering tactics.
“Implementation timelines for patches can vary significantly,” noted Howdy Fisher, a GreyNoise security analyst.