Hackers are actively targeting a critical security flaw, CVE-2025-48927, in TeleMessage, a chat archiving platform used for regulatory compliance. According to a recent report by GreyNoise, malicious actors have ramped up attempts to exploit the vulnerability, which affects the Spring Boot Actuator component, specifically the publicly exposed /heapdump endpoint.
Legacy Flaw in Spring Boot Leaves Systems Exposed
The vulnerability arises from a legacy confirmation issue in Spring Boot Actuator, where the /heapdump endpoint can be accessed without authentication. This flaw can allow attackers to extract sensitive application data, posing a serious risk to organizations relying on the framework.
Since April 2025, GreyNoise has identified 11 IP addresses actively trying to exploit this specific flaw. In addition, a staggering 2,009 IP addresses have been observed scanning for Spring Boot Actuator endpoints, with 1,582 of them targeting the /health endpoint — indicating widespread reconnaissance and potential exploitation attempts.
TeleMessage Breach Raises Alarms Across Enterprises
TeleMessage, acquired by Smarsh in 2024, faced a major data breach in May 2025 that resulted in stolen files. Although the company claims to have patched the vulnerability, GreyNoise cautions that patch rollout timelines can vary across environments, leaving systems exposed during the transition.
Used by enterprises and even former U.S. government officials, TeleMessage plays a critical role in archiving messaging data for legal and compliance needs. The breach and continued exploit activity raise concerns over the security of sensitive communications.
GreyNoise strongly advises organizations to:
-
Restrict public access to the
/heapdumpendpoint. -
Block known malicious IP addresses involved in exploit attempts.
-
Regularly audit and update Spring Boot configurations to avoid legacy exposure.
Meanwhile, broader cybersecurity threats continue to surge. Crypto-related thefts have topped $2.17 billion in 2025 alone, reflecting the evolving threat landscape.
Proactive patching, endpoint hardening, and threat intelligence monitoring are key to minimizing risk and protecting organizational data from emerging vulnerabilities like CVE-2025-48927.
