Users’ Private Data at Risk

A previously reported bug in the Signal clone app TeleMessage has once again come under scrutiny, this time with hackers targeting the vulnerability to steal users’ private data. According to security researchers and a U.S. government agency, the flaw, which was originally disclosed in May, has not been patched, leaving users exposed to potential cyber threats.

TeleMessage, a messaging app that markets itself as a secure and private alternative to popular messaging apps like Signal, WhatsApp, and Telegram, has been used by high-ranking officials in the Trump administration, including then-U.S. National Security Advisor Mike Waltz. The app has also been used by corporations and government agencies that need to archive chats for legal and compliance reasons.

However, TeleMessage’s security has been called into question after a data breach in May, where unknown attackers stole the contents of users’ private messages and group chats, including from Customs and Border Protection and the cryptocurrency giant Coinbase. The breach was attributed to a vulnerability in the app, which has now been identified as CVE-2025-48927.

GreyNoise, a cybersecurity firm, has published a post warning of several attempts to exploit the flaw in TeleMessage. The company, which has visibility into what hackers are doing on the internet thanks to its network of sensors, has seen several attempts to exploit the vulnerability, and has warned that hackers could gain access to plaintext usernames, passwords, and other sensitive data.

“I was left in disbelief at the simplicity of this exploit,” GreyNoise researcher Howdy Fisher wrote in a post analyzing the flaw. “After some digging, I found that many devices are still open and vulnerable to this.” The researcher noted that exploiting the flaw is “trivial,” and it seems that hackers have taken notice.

The vulnerability, designated as CVE-2025-48927, was listed by the U.S. cybersecurity agency CISA as a Known Exploited Vulnerability in early July. This designation indicates that hackers are successfully exploiting the bug, and it is only a matter of time before users’ private data is compromised. However, no hacks against TeleMessage customers have been publicly reported.

TeleMessage has not commented on the vulnerability or the attempts to exploit it. The company’s lack of response has raised concerns among security experts, who warn that the vulnerability is a serious threat to users’ private data.

The vulnerability in TeleMessage has a history of controversy, dating back to May when then-U.S. National Security Advisor Mike Waltz accidentally revealed he was using the app. The incident led to a scandal, resulting in Waltz’s ousting. The company was subsequently hacked, and the vulnerability has now been exposed once again, highlighting the importance of prioritizing cybersecurity and ensuring that vulnerabilities are patched to prevent potential data breaches.