Well, there goes American spycraft. CISA Issues Urgent Warning Over Exploited Vulnerabilities in Signal Clone Used by Federal Agencies

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning, with a patch-or-discontinue deadline attached, following active exploitation of critical vulnerabilities in TeleMessage TM SGNL, a modified Signal client that adds message archiving and is widely used by federal agencies and national security personnel.

Critical Vulnerabilities Under Active Attack

CISA's warning follows the discovery of two severe vulnerabilities, CVE-2025-48927 and CVE-2025-48928, that are being actively exploited by threat actors. The vulnerabilities are reported to have enabled attackers to obtain chat logs and metadata belonging to at least 60 government officials.

The TeleMessage TM SGNL platform, which gained attention during the recent "Signalgate" incident, was initially assumed to offer the same security as the original Signal app. Subsequent investigation showed that it does not: Signal's end-to-end encryption covers only the conversation between participants, while the copy TM SGNL forwards to its message archive is not end-to-end encrypted between the user's device and the archive. The archive service can therefore read what it stores, and anyone who compromises that service reads the same plaintext chat logs.
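To make the architectural point concrete, here is an added Python model, written for this page and not TeleMessage's or Smarsh's code, and not a claim about how TM SGNL is actually built. It contrasts two archiving designs: one where the client forwards message bodies in the clear to the archive service, and one where the client encrypts them under a key held by the customer's compliance reviewer and never by the service. The cipher is a SHA-256 keystream with an HMAC tag standing in for a real AEAD such as AES-GCM, the function and field names are invented, and the message is constructed sample data. An attacker who reads the archive server's storage gets the plaintext body in the first design and only ciphertext plus metadata in the second.

```python
"""Illustrative model of archiving with and without end-to-end protection.

Added example for this article; not TeleMessage/Smarsh code and not a claim
about TM SGNL's internals. Cipher, names and message are illustrative only.
"""
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive distinct encryption and MAC keys from one archive key.
    return hashlib.sha256(label + key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC over a hash keystream (stand-in for a real AEAD)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("archive record failed integrity check")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def archive_plaintext(sender: str, recipient: str, body: str) -> bytes:
    """Design A: the client forwards the body in the clear to the archive service.
    What the service stores is exactly what a server-side attacker obtains."""
    return json.dumps({"from": sender, "to": recipient, "body": body}).encode()


def archive_encrypted(sender: str, recipient: str, body: str, archive_key: bytes) -> bytes:
    """Design B: the client seals the body under a key held by the customer's
    compliance reviewer. The archive service stores ciphertext it cannot open."""
    sealed = encrypt(archive_key, body.encode()).hex()
    return json.dumps({"from": sender, "to": recipient, "body": sealed}).encode()


def server_side_attacker_finds(stored: bytes, needle: str) -> bool:
    """An attacker who has read the archive server's storage and greps it."""
    return needle.encode() in stored


def reviewer_reads(stored: bytes, archive_key: bytes) -> str:
    """The legitimate key holder opens a Design B record."""
    return decrypt(archive_key, bytes.fromhex(json.loads(stored)["body"])).decode()


def corrupt(stored: bytes) -> bytes:
    """Flip one hex digit of a Design B record's ciphertext (just past the nonce)."""
    record = json.loads(stored)
    body, pos = record["body"], NONCE_LEN * 2
    record["body"] = body[:pos] + ("0" if body[pos] != "0" else "1") + body[pos + 1:]
    return json.dumps(record).encode()


def demo() -> dict:
    """Run both designs against one constructed message; report what each party sees."""
    archive_key = secrets.token_bytes(32)  # held by the reviewer, never by the service
    msg = "Agenda for the 0900 briefing is attached"  # constructed sample, not real data
    a = archive_plaintext("official-1", "official-2", msg)
    b = archive_encrypted("official-1", "official-2", msg, archive_key)
    try:
        reviewer_reads(corrupt(b), archive_key)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {
        "design_a_attacker_reads_body": server_side_attacker_finds(a, msg),
        "design_b_attacker_reads_body": server_side_attacker_finds(b, msg),
        "design_b_attacker_reads_metadata": server_side_attacker_finds(b, "official-1"),
        "design_b_reviewer_reads_body": reviewer_reads(b, archive_key) == msg,
        "design_b_tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Run it directly to print the five checks. Note what does not improve in the second design: sender and recipient remain visible to whoever holds the server's data, which is why the theft of metadata reported above would still be possible against an archive that encrypts only message bodies.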

Federal Mandate to Patch or Discontinue Use

In response to the ongoing threat, CISA has added both vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, which under Binding Operational Directive 22-01 obliges federal civilian agencies to apply the vendor's fix or discontinue use of the product by the listed due date, in this case July 22, 2025. CISA emphasized that, because the flaws are server-side, there is nothing an end user can patch locally; users have little recourse beyond ceasing use of the app until a verified fix is available.

Vendor Response and Service Suspension

TeleMessage’s parent company, Smarsh, has temporarily suspended all TeleMessage services while a comprehensive investigation is underway. The company is working closely with federal authorities to address the security flaws and restore trust in its platform.

Lessons Learned: The Risks of Third-Party Messaging Clones

This incident highlights the risk of third-party forks of secure messaging applications whose security architecture does not match the original's. A fork can keep Signal's protocol between participants and still break the guarantee users expect by adding a component, here the archive, that handles plaintext. Any communication tool used in sensitive government or national security contexts needs vetting of the whole data path, not just the client-to-client encryption.

Summary Table: TeleMessage TM SGNL Security Incident

Aspect            | Details
------------------|------------------------------------------------------------------
App in question   | TeleMessage TM SGNL (Signal clone)
Vulnerabilities   | CVE-2025-48927, CVE-2025-48928 (server-side, exploited in the wild)
Impact            | Theft of chat logs and metadata from federal officials
Encryption issue  | No true end-to-end encryption to the archive; plaintext logs accessible
CISA directive    | Patch or discontinue use by July 22, 2025
Vendor response   | All TeleMessage services temporarily suspended for investigation