- Hackers are actively targeting a messaging app used by federal agencies
- The app was also involved in the Signalgate scandal
- Hackers have already stolen chats and metadata from 60 government officials
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned a popular Signal messaging app clone being used by federal agencies is under attack.
The clone, TeleMessage, was found to have some serious issues, including a lack of proper end-to-end encryption.
Hackers have been exploiting two flaws, CVE-2025-48927 and CVE-2025-48928, to access federal chat logs and metadata. CISA has given federal agencies until July 22 to apply patches.
Federal chat app hacked
The new comes months after then-US national security advisor Mike Waltz accidentally added Jeffrey Goldberg, editor in chief at The Atlantic, to a secret Signal chat discussing ongoing US strikes against Houthi rebels in Yemen. Waltz was then removed from his position as a result.
Following investigations into the fiasco, it emerged that Waltz and others weren’t using Signal, but a clone of the app called TM SGNL, which was developed by TeleMessage.
The app was then subsequently targeted in an attack that saw the chat logs and metadata of around 60 government officials including Secret Service members and a White House official leaked online.
The first flaw listed by CISA, CVE-2025-48927, has a CVSS score of 5.3, and allows hackers to extract sensitive data from memory dumps exposed by a Spring Boot Actuator misconfiguration in the TeleMessage app that exposes the /heapdump endpoint.
The second flaw, CVE-2025-48928, has a CVSS score of 4.0, and allows an attacker to access exposed passwords sent over HTTP by stealing a memory-dump file through local access to the TeleMessage server.
No other details on the flaws have been released by CISA, but the agency has said that federal agencies must patch the app by July 22 or stop using it altogether.
Via The Register
Leave a comment