As of Wednesday, at least eleven IP addresses have actively tried to exploit the vulnerability, with thousands more addresses possibly doing reconnaissance work.
Hackers are continuing to seek out opportunities to exploit the infamous CVE-2025-48927 vulnerability involved in TeleMessage, according to a new report from threat intelligence company GreyNoise.
GreyNoise’s tag, which monitors attempts to take advantage of the vulnerability, has detected 11 IP addresses that have attempted the exploit since April.
Other IP addresses may be performing reconnaissance work: A total of 2,009 IPs have searched for Spring Boot Actuator endpoints in the past 90 days, and 1,582 IPs have specifically targeted the /health endpoints, which commonly detect Spring Boot Actuator deployments.
