TeleMessage Signal app lands on CISA's exploited vulnerability list - #CVE-2025-47729
A critical vulnerability in the TeleMessage Signal app, identified as CVE-2025-47729, has been added to CISA's Known Exploited Vulnerabilities catalog despite its low CVSS score. The flaw allows attackers to access unencrypted logs, group chat histories, and other sensitive data stored in a cloud-based archive, enabling user spoofing and network mapping. This vulnerability has raised significant concerns due to its potential impact on national security, given the app's use by high-profile officials. Security experts have criticized the app's architecture for storing plaintext message content outside user control, undermining secure communication principles. In response, Smarsh, the company behind TeleMessage, has suspended its Signal services pending investigation. Security professionals strongly advise discontinuing the use of such archiving systems as the only effective containment strategy.