CVE-2025-48925 Information

Description

The TeleMessage service through 2025-05-05 relies on the client side (e.g. the TM SGNL app) to do MD5 hashing and then accepts the hash as the authentication credential as exploited in the wild in May 2025.

Reference

https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/