CVE-2025-55443
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-26

Last updated on: 2025-09-09

Assigner: MITRE

Description
Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation); 2. Connect to the MQTT server to intercept/publish device data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-26
Last Modified
2025-09-09
Generated
2026-06-16
AI Q&A
2025-08-26
EPSS Evaluated
2026-06-14
NVD
CVE-2025-55443
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
telpo telpo_mdm From 1.4.6 (inc) to 1.4.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-312 The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Telpo MDM versions 1.4.6 through 1.4.9 for Android involves sensitive administrator credentials and MQTT server connection details being stored in plaintext within log files on the device's external storage. An attacker who gains access to these log files can use the credentials to authenticate to the MDM web platform and perform administrative actions such as device shutdown, factory reset, or software installation. Additionally, the attacker can connect to the MQTT server to intercept or publish device data.

Impact Analysis

The vulnerability can allow an attacker with access to the device's external storage to gain administrative control over the MDM platform, enabling them to perform disruptive actions like shutting down devices, resetting them to factory settings, or installing unauthorized software. Furthermore, the attacker can intercept or manipulate device data by connecting to the MQTT server, potentially compromising device integrity and data confidentiality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55443. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart