Jul 17, 2025 • GreyNoise Blog
Flaw in Signal App Clone Could Leak Passwords — GreyNoise Identifies Active Reconnaissance and Exploit Attempts
Executive Summary
A critical vulnerability identified as CVE-2025-48927 affects specific deployments of TeleMessage™ SGNL, a clone of the Signal messaging application. Security vendor GreyNoise has observed active reconnaissance and exploitation attempts targeting this flaw. The vulnerability allows unauthorized attackers to retrieve a full snapshot of heap memory from exposed endpoints. This memory dump potentially contains sensitive plaintext information, including usernames and passwords, leading to significant credential compromise. Organizations utilizing TeleMessage™ SGNL must immediately patch affected systems or restrict endpoint access to mitigate data leakage risks. While no specific threat actor group has been attributed to these activities, the active exploitation indicates an immediate threat to user privacy and authentication security. Prompt remediation is essential to prevent unauthorized access to sensitive communication data and associated credentials stored within the application memory.
Summary
A vulnerability disclosed in May 2025, CVE-2025-48927, affects certain deployments of TeleMessage™ SGNL. If the affected endpoint is exposed, it can return a full snapshot of heap memory, which may include plaintext usernames, passwords, and other sensitive data.
Linked Entities
- CVE-2025-48927