Signal App Clone Vulnerability Actively Exploited for Password Theft

Signal App Clone Vulnerability Actively Exploited for Password Theft A critical vulnerability in TeleMessageTM SGNL, an enterprise messaging platform modeled after Signal, is being actively exploited by threat actors to steal passwords andsensitive datafrom government agencies and enterprises. The flaw, tracked as CVE-2025-48927, was added to CISA’s Known Exploited Vulnerabilities catalog on July 14th, indicating widespread exploitation in the wild. Vulnerability Details CVE-2025-48927 affects certain deployments of TeleMessageTM SGNL, a secure communications archiving system used by government agencies and enterprises to maintain records of encrypted messaging. The vulnerability stems from the platform’s continued use of legacy configurations in Spring Boot Actuator, where a diagnostic /heapdump endpoint remains publicly accessible without authentication. When exploited, this endpoint can return a complete snapshot of heap memory—approximately 150MB—containing plaintext usernames, pas...