Hackers are continuing to seek out opportunities to exploit the infamous CVE-2025-48927 vulnerability involved in TeleMessage, according to a new report from threat intelligence company GreyNoise.
GreyNoise’s tag, which monitors attempts to take advantage of the vulnerability, has detected 11 IP addresses that have attempted the exploit since April.
Other IP addresses may be performing reconnaissance work: A total of 2,009 IPs have searched for Spring Boot Actuator endpoints in the past 90 days, and 1,582 IPs have specifically targeted the /health endpoints, which commonly detect Spring Boot Actuator deployments.
The flaw allows hackers to extract data from vulnerable systems. The issue “stems from the platform’s continued use of a legacy confirmation in Spring Boot Actuator, where a diagnostic /heapdump endpoint is publicly accessible without authentication,” the research team told Cointelegraph.
TeleMessage is similar to the Signal App but allows for the archiving of chats for compliance purposes. Based in Israel, the company was acquired by US company Smarsh in 2024, before temporarily suspending services after a security breach in May that resulted in files being stolen from the app.
“TeleMessage has stated that the vulnerability has been patched on their end,” said Howdy Fisher, a member of the GreyNoise team. “However, patch timelines can vary depending on a variety of factors.”
Although security weaknesses in apps are more common than desired, the TeleMessage vulnerability could be significant for its users: government organizations and enterprises. Users of the app may include former US government officials like Mike Waltz, US Customs and Border Protection and crypto exchange Coinbase.
GreyNoise recommends users block malicious IPs and disable or restrict access to the /heapdump endpoint. In addition, limiting exposure to Actuator endpoints may be helpful, it said.
Related: Threat actors using ‘elaborate social engineering scheme’ to target crypto users — Report
Crypto theft rising in 2025; credentials on darknet go for thousands
Chainalysis' latest crime report notes that over $2.17 billion has been stolen so far in 2025, a pace would take crypto-related thefts to new highs. Notable security attacks over the past months include physical “wrench attacks” on Bitcoin holders and high-profile incidents such as the February hack of crypto exchange Bybit.
Attempts to steal credentials often involve phishing attacks, malicious malware, and social engineering.
Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why
