- Hackers are actively targeting a messaging app used by federal agencies
- The app was also involved in the signalgate scandal
- Hackers have already stolen chats and metadata from 60 government officials
The US Cyber Security and Infrastructure Security Agency (CISA) has warned that a popular signal messaging app, used by federal agencies, is under attack.
The clone, Telemessage, was found to have some serious problems, including a lack of proper end-to-end encryption.
Hackers have utilized two shortcomings, CVE-2025-48927 and CVE-2025-48928, to access federal chatlog files and metadata. CISA has given federal agencies until July 22 to use patches.
Federal Chat App Hacked
The new one comes months after the then US national security adviser Mike Waltz accidentally added Jeffrey Goldberg, head of editor at The Atlantic Oceanto a secret signal chat discussing running American strikes against Houthi rebels in Yemen. Waltz was then removed from his position as a result.
After studies of the failure, Waltz and others did not use signal, but a clone of the app called TM SGNL, which was developed by Telemessage.
The app was subsequently targeted at an attack that saw chatlog files and metadata of about 60 government officials, including members of secret services and an official in the White House, leaked online.
The first error erected by CISA, CVE-2025-48927, has a CVS score of 5.3, allowing hackers to extract sensitive data from memory dumps exposed by a Spring Boot Actuator error configuration in the Telemessage app that exposes /heapdump-endpoint.
The second error, CVE-2025-48928, has a CVS score of 4.0 and allows an attacker to access exposed passwords that are sent over HTTP by stealing a memory dump file through local access to the Telemessage server.
No other details of the deficiencies have been released by CISA, but the agency has said that federal agencies should patch the app by July 22 or stop using it completely.
Via Registered
