CVE-2025-48931

The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.2 LOW
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
mitreCNA
3.2 LOW
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
smarshtelemessage
𝑥
≤ 2025-05-05
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/