CVE-2025-48925

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-836
View all →

Vulnerability Description

The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential, as exploited in the wild in May 2025.

Related Vulnerabilities

CVE-2021-23857

CRITICAL
CVSS:9.8(Critical)

Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to ...

CWE-8362021

CVE-2023-23450

CRITICAL
CVSS:9.8(Critical)

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote at...

CWE-8362023

CVE-2023-34132

CRITICAL
CVSS:9.8(Critical)

Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics...

CWE-8362023

CVE-2023-39546

HIGH
CVSS:8.8(High)

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to th...

CWE-8362023

CVE-2023-4299

HIGH
CVSS:8.1(High)

Digi RealPort Protocol is vulnerable to a replay attack that may allow an attacker to bypass authentication to access connected equipment.

CWE-8362023

CVE-2017-7927

HIGH
CVSS:7.3(High)

A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-...

CWE-8362017