CVE-2025-48927

TeleMessage · TeleMessage TM SGNL

A critical insecure default vulnerability in TeleMessage TM SGNL is under active exploitation and allows an unauthenticated attacker to compromise the affected system.

Executive summary

A critical insecure default vulnerability in TeleMessage TM SGNL is under active exploitation and allows an unauthenticated attacker to compromise the affected system.

Vulnerability

The software is initialized with an insecure default configuration, which can be exploited by an unauthenticated attacker. This flaw allows unauthorized actors to leverage the insecure state of the resource to gain access or control.

Business impact

With a Critical CVSS score of 9.5, a successful exploit could lead to a complete compromise of the affected system, resulting in significant data exfiltration, loss of service, and reputational damage. The inclusion of this vulnerability in the CISA Known Exploited Vulnerabilities (KEV) catalog confirms it is a proven, immediate threat currently being used by malicious actors, elevating the risk to the highest level.

Remediation

Immediate Action: Per CISA Binding Operational Directive (BOD) 22-01, federal agencies must apply mitigations by the deadline of July 21, 2025. Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Proactive Monitoring: Review system logs for signs of unauthorized access or anomalous activity related to the initial configuration of the service. Monitor for any modifications to default accounts or security settings.

Compensating Controls: Restrict network access to the affected service to only trusted hosts and networks. Implement strict access control lists (ACLs) to limit exposure until mitigations can be applied.

Exploitation status

Public Exploit Available: Not specified in provided data.

Analyst recommendation

Given the critical severity and confirmed active exploitation, this vulnerability poses an immediate and severe risk to the organization. We strongly recommend that administrators prioritize the immediate application of vendor-provided mitigations or discontinue use of the product to comply with the federal deadline and prevent system compromise.