CISA has flagged two new exploited vulnerabilities (CVE-2025-48927, CVE-2025-48928) in the TeleMessage TM SGNL app, used by government staff, urging urgent patching. The flaws expose sensitive memory data due to outdated JSP tech and unsecured heap dumps. Smarsh, TeleMessage’s parent company, suspended services after prior encryption issues.