CVE-2025-55443

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation); 2. Connect to the MQTT server to intercept/publish device data.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/raiji1n/a2ce5dd46c312e3bd38b9b2446b95860	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:telpo:telpo_mdm:*:*:*:*:*:android:*:*

History

No history.

Information

Published : 2025-08-26 20:15

Updated : 2025-09-09 18:54

NVD link : CVE-2025-55443

Mitre link : CVE-2025-55443

CVE.ORG link : CVE-2025-55443

JSON object : View

Products Affected

telpo

telpo_mdm

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2025-55443", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-08-26T20:15:40.940", "references": [{"url": "https://gist.github.com/raiji1n/a2ce5dd46c312e3bd38b9b2446b95860", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation); 2. Connect to the MQTT server to intercept/publish device data."}, {"lang": "es", "value": "Telpo MDM 1.4.6 a 1.4.9 para Android contiene credenciales de administrador confidenciales y detalles de conexi\u00f3n al servidor MQTT (IP/puerto) que se almacenan en texto plano en archivos de registro en el almacenamiento externo del dispositivo. Esto permite a los atacantes con acceso a estos registros: 1. Autenticarse en la plataforma web MDM para ejecutar operaciones administrativas (apagado del dispositivo, restablecimiento de f\u00e1brica e instalaci\u00f3n de software); 2. Conectarse al servidor MQTT para interceptar y publicar datos del dispositivo."}], "lastModified": "2025-09-09T18:54:53.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:telpo:telpo_mdm:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "508AAE87-82CB-4530-ABEC-C7E51E0A97DB", "versionEndIncluding": "1.4.9", "versionStartIncluding": "1.4.6"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}