TeleMessage Heap Dump Exposure Vulnerability Allowing Sensitive Data Disclosure

Vulnerability

A vulnerability in the TeleMessage service admin panel, present through May 5, 2025, allows attackers to access sensitive user information, including usernames, email addresses, passwords, and telephone numbers. This issue arises from a misconfiguration that exposed a Java heap dump containing unencrypted chat logs and other private data. The vulnerability was exploited in the wild, compromising accounts of users from U.S. Customs and Border Protection and Coinbase.

Impact

Exploitation of this vulnerability led to unauthorized access to sensitive user credentials and plaintext chat logs, including internal communications from Coinbase.

Reproduction

The vulnerability can be reproduced by accessing the exposed heap dump endpoint on the TeleMessage archive server. This endpoint, which was publicly accessible due to a misconfiguration, can be loaded to generate a heap dump file containing sensitive information such as usernames, passwords, and unencrypted chat logs. The admin panel also revealed that passwords were hashed using the insecure MD5 algorithm, further facilitating the extraction of credentials.
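
As an added detection example (not part of the original advisory and not TeleMessage's code), the following Python script checks web access logs for successful, large responses from a heap dump endpoint served to clients outside trusted networks. The endpoint path, trusted ranges, size threshold and log lines are constructed assumptions, since the advisory does not give them.

```python
import ipaddress
import re

# Assumptions (not from the advisory): the path below is a placeholder, and the
# trusted ranges and size threshold must be adapted to the deployment.
DIAGNOSTIC_PATHS = ("/example/heapdump",)
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
MIN_DUMP_BYTES = 1_000_000  # heap dumps are large; small bodies are error pages

# Common/combined log format: ip ident user [time] "METHOD path PROTO" status bytes
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client address is treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def find_external_dump_downloads(lines):
    """Return (timestamp, ip, path, size) for each successful, large response
    from a diagnostic path that went to a client outside the trusted ranges."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Normalise: drop the query string, trailing slash and letter case.
        path = m["path"].split("?", 1)[0].rstrip("/").lower()
        if path not in DIAGNOSTIC_PATHS:
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        if m["status"] == "200" and size >= MIN_DUMP_BYTES and not is_trusted(m["ip"]):
            hits.append((m["ts"], m["ip"], path, size))
    return hits

# Constructed sample log lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '10.1.2.3 - - [05/May/2025:10:00:00 +0000] "GET /example/heapdump HTTP/1.1" 200 157286400',
    '203.0.113.7 - - [05/May/2025:10:05:12 +0000] "GET /example/heapdump?x=1 HTTP/1.1" 200 157286400',
    '203.0.113.7 - - [05/May/2025:10:05:40 +0000] "GET /login HTTP/1.1" 200 5120',
    '198.51.100.9 - - [05/May/2025:10:07:01 +0000] "GET /example/heapdump/ HTTP/1.1" 403 312',
]

if __name__ == "__main__":
    for hit in find_external_dump_downloads(SAMPLE_LOG):
        print(hit)
```

Any hit means the dump left the trusted network, so every credential and message held in memory at that time should be treated as disclosed.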

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.1
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.