TeleMessage SGNL Exposes Sensitive Data Due to Endpoint Misconfiguration

TeleMessage SGNL, an Israel-based messaging application often utilized by U.S. government agencies and specific regulated businesses, is facing serious scrutiny after revelations that outdated configurations have exposed sensitive internal data online without requiring login credentials. Cybersecurity researchers at GreyNoise reported that some instances of TeleMessage SGNL are running older versions of the Spring Boot framework, which leaves a diagnostic endpoint known as ‘/heapdump’ publicly accessible.

This ‘/heapdump’ endpoint can leak entire memory snapshots of the application, which may include usernames, passwords, and critical session information. Newer releases of Spring Boot include security measures to disable this feature by default, but numerous TeleMessage instances were still found to be running the insecure configuration as of May 5, 2025.

The vulnerability, tracked under CVE-2025-48927, has been included in the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities catalogue as of July 14, indicating that real-world exploit attempts are likely underway. GreyNoise documented that as recently as July 16, at least 11 IP addresses were recorded attempting to exploit this critical flaw.

In addition to the current vulnerability, TeleMessage SGNL has a troubling history regarding security breaches. The platform suffered a significant data leak in May 2025, during which sensitive user information was accessed by an unauthorized entity. Following that breach, CISA added CVE-2025-47729, linked to the incident, to its list of known exploited vulnerabilities. This led to the subsequent archiving of approximately 410 gigabytes of sensitive data by Distributed Denial of Secrets, further highlighting the platform’s ongoing security challenges.

In response to the recent vulnerabilities, CISA has issued a Binding Operational Directive, mandating that federal agencies either apply the necessary patches or discontinue use of the software by July 22, 2025. While this directive is primarily aimed at federal systems, other organizations using TeleMessage SGNL are advised to act promptly. Experts recommend reviewing endpoint exposure, disabling or restricting access to vulnerable configurations, and upgrading to more secure software versions immediately.
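
One way to carry out the endpoint-exposure review recommended above is to search web access logs for requests to the heap dump endpoint and separate rejected probes from responses large enough to be an actual dump. This is an added example, not code from GreyNoise, CISA or TeleMessage; the Combined Log Format, the ‘/actuator/’ prefix in the sample, the 1 MiB threshold and the log lines themselves are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common/Combined Log Format prefix:
#   ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
MIN_DUMP_BYTES = 1 << 20  # assumed threshold: a real heap dump is far larger than 1 MiB

def is_heapdump_path(target):
    """True if the last path segment is 'heapdump' after basic normalization."""
    path = unquote(target.split("?", 1)[0])                    # drop query, decode %xx
    segments = [s.split(";", 1)[0] for s in path.split("/")]   # drop ;matrix params
    segments = [s for s in segments if s]                      # collapse '//' runs
    return bool(segments) and segments[-1].lower() == "heapdump"

def scan(lines):
    """Return {ip: {"probe": n, "served": n}} for requests that target heapdump."""
    hits = defaultdict(lambda: {"probe": 0, "served": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_heapdump_path(m["target"]):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        # 2xx with a large body means memory contents most likely left the host.
        served = m["status"].startswith("2") and size >= MIN_DUMP_BYTES
        hits[m["ip"]]["served" if served else "probe"] += 1
    return dict(hits)

# Constructed sample lines using documentation-range IPs; not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Jul/2025:09:12:01 +0000] "GET /heapdump HTTP/1.1" 404 153 "-" "curl/8.5.0"',
    '203.0.113.7 - - [16/Jul/2025:09:12:03 +0000] "GET /actuator/heapdump HTTP/1.1" 200 73400320 "-" "curl/8.5.0"',
    '198.51.100.23 - - [16/Jul/2025:10:01:44 +0000] "GET /%68eapdump;v=1?x=1 HTTP/1.1" 401 0 "-" "-"',
    '198.51.100.23 - - [16/Jul/2025:10:01:45 +0000] "HEAD //heapdump HTTP/1.1" 200 - "-" "-"',
    '192.0.2.10 - alice [16/Jul/2025:10:05:00 +0000] "GET /docs/heapdump-guide HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, counts in sorted(scan(SAMPLE_LOG).items()):
        verdict = "DUMP SERVED" if counts["served"] else "probe only"
        print(f"{ip}: {counts['probe']} probe(s), {counts['served']} served -> {verdict}")
```

Any address with a nonzero served count should be handled as a credential and session exposure: rotate the secrets the application held in memory and invalidate active sessions.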