
TL;DR
- A critical flaw in Signal clone app TeleMessage is under active exploitation.
- Hackers can access plaintext usernames, passwords, and sensitive chats.
- The vulnerability, CVE-2025-48927, is now on the U.S. CISA’s Known Exploited Vulnerabilities catalog.
- Government and corporate users, including CBP and Coinbase, were reportedly affected.
- The attack follows a scandal involving former Trump official Mike Waltz and operational leaks.
Vulnerability in Signal Clone Under Attack
A previously disclosed bug in TeleMessage, a corporate clone of Signal, is now being actively exploited by hackers. Security firm GreyNoise reported that several attackers are trying to breach systems still vulnerable to the flaw.
The app, designed to provide compliant messaging for government and enterprise clients, was already breached in May, exposing private data from agencies and major firms.
According to Howdy Fisher, a researcher at GreyNoise, the vulnerability allows trivial access to user data:
“I was left in disbelief at the simplicity of this exploit.”
TeleMessage Used by Government Officials
TeleMessage made headlines in May 2025 when it was revealed that former U.S. National Security Advisor Mike Waltz accidentally leaked a sensitive group chat discussing military operations. The incident exposed a classified channel between Trump administration officials.
Soon after this exposure, unknown attackers compromised TeleMessage, accessing sensitive user conversations, including those from U.S. Customs and Border Protection and Coinbase, according to 404 Media.
CISA Flags Critical Security Risk
In early July, the Cybersecurity and Infrastructure Security Agency (CISA) officially added CVE-2025-48927 to its Known Exploited Vulnerabilities Catalog, indicating real-world exploit attempts have already been successful.
While no confirmed breaches of active TeleMessage users have been publicly disclosed since July, experts warn the app’s exposure remains a major threat vector.
“Many devices are still open and vulnerable to this,” Fisher emphasized.
Why This Matters for Government and Enterprise Messaging
The TeleMessage case is a cautionary tale about relying on private clones of secure platforms without adequate vetting or patching protocols. The company's failure to promptly patch the flaw, which is now under widespread attack, illustrates broader concerns in government-grade secure messaging.
Given its popularity with regulatory-driven sectors, including law enforcement, finance, and defense, TeleMessage’s exposure has national security implications.
TeleMessage Breach Impact
| Affected Parties | Type of Data Exposed | Source |
| --- | --- | --- |
| U.S. CBP | Internal group chats | 404 Media |
| Coinbase | Executive messaging logs | 404 Media |
| Trump Admin Officials | Military operation discussions | Wired |
| Unknown corporate clients | Usernames, passwords, raw chats | GreyNoise |
What’s Next: Security Actions and Public Response
Although TeleMessage has not issued a new public statement, its silence raises concerns. Vendors and IT compliance officers across the broader security community are now urgently investigating whether their systems may be exposed through integrations with the platform.
Meanwhile, users are advised to disconnect any TeleMessage services, rotate credentials, and monitor for unusual access or traffic related to the app.
The lesson is clear: compliance-grade does not always mean secure.