Hacker reconnaissance work on the TeleMessage app continues to evolve as recent reports reveal an alarming trend. As of Wednesday, at least eleven IP addresses have been identified actively attempting to exploit a critical vulnerability, known as CVE-2025-48927. What’s even more concerning is that thousands of other addresses may be conducting reconnaissance, seeking weaknesses to exploit.
The threat intelligence firm GreyNoise has flagged these attempts, indicating that over 2,009 unique IP addresses have investigated Spring Boot Actuator endpoints in the past three months. Among these, 1,582 IPs have specifically targeted the /health endpoints, a common method used to identify potential vulnerabilities.
The underlying issue with this vulnerability lies in the misconfiguration of Spring Boot Actuator, where an unsecured /heapdump endpoint is publicly accessible without any authentication. GreyNoise disclosed that this flaw creates a gateway for hackers to siphon crucial data from compromised systems. Users of TeleMessage, known for archiving chats for compliance, are particularly at risk, given their diverse clientele that includes government agencies and enterprises.
Despite claims from TeleMessage that they have patched the vulnerability, experts caution that patch timelines can significantly vary across organizations and systems. Users must remain vigilant. Howdy Fisher, a GreyNoise team member, emphasizes the importance of blocking malicious IPs and limiting access to sensitive endpoints to mitigate the risk of exploitation.
Recommendations for Users:
- Block or monitor suspicious IP traffic closely.
- Disable or restrict access to the vulnerable /heapdump endpoint.
- Limit exposure to Spring Boot Actuator endpoints.
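One way to act on the monitoring recommendation, shown as an added example that is not code from GreyNoise or TeleMessage: the Python below triages web access logs for the /health and /heapdump requests described above and separates reconnaissance from a dump that was actually served. The combined log format, the constructed sample lines, and the function names triage and severity are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format). The IPs come from
# documentation ranges and are not indicators from the GreyNoise report.
SAMPLE_LOG = """\
198.51.100.7 - - [16/Jul/2025:10:01:02 +0000] "GET /actuator/health HTTP/1.1" 200 15 "-" "curl/8.5.0"
198.51.100.7 - - [16/Jul/2025:10:01:03 +0000] "GET /actuator/heapdump HTTP/1.1" 200 148897412 "-" "curl/8.5.0"
203.0.113.20 - - [16/Jul/2025:10:05:40 +0000] "GET /health HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.20 - - [16/Jul/2025:10:05:41 +0000] "GET /heapdump HTTP/1.1" 401 0 "-" "Mozilla/5.0"
192.0.2.44 - - [16/Jul/2025:10:09:12 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
# Match paths ending in the endpoint name, with or without an /actuator base path.
ENDPOINT_RE = re.compile(r'(?:^|/)(health|heapdump)/?(?:\?.*)?$', re.IGNORECASE)

def triage(log_text):
    """Return {ip: {"probed": set, "heapdump_served": bool}} for Actuator requests."""
    report = defaultdict(lambda: {"probed": set(), "heapdump_served": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, path, status, _size = m.groups()
        hit = ENDPOINT_RE.search(path)
        if not hit:
            continue
        name = hit.group(1).lower()
        report[ip]["probed"].add(name)
        # A 2xx status on heapdump means the dump was handed to the client.
        if name == "heapdump" and status.startswith("2"):
            report[ip]["heapdump_served"] = True
    return dict(report)

def severity(entry):
    if entry["heapdump_served"]:
        return "incident"  # dump was served: treat as data exposure
    if "heapdump" in entry["probed"]:
        return "block"     # request was refused, but the target was the dump
    return "watch"         # /health only: reconnaissance

if __name__ == "__main__":
    for ip, entry in sorted(triage(SAMPLE_LOG).items()):
        print(ip, severity(entry), sorted(entry["probed"]))
```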
As cybersecurity threats evolve, being proactive is essential. The rise in hacker activity, highlighted by GreyNoise, indicates just how critical it is for organizations that utilize the TeleMessage app to follow stringent security practices. With a focus on safeguarding sensitive data, these measures can help users protect themselves from potential breaches.
In a broader context, the crypto landscape has also seen a significant increase in theft, with over $2.17 billion already stolen in 2025, indicating a rising trend in cybercrime targeting financial and personal data. As such, maintaining security hygiene is imperative to mitigate risks associated with these vulnerabilities.