Unrated severityNVD Advisory· Published Aug 26, 2025· Updated Aug 27, 2025

CVE-2025-55443

Description

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation); 2. Connect to the MQTT server to intercept/publish device data.

Affected products

Telpo/MDMdescription
Telpo/MDMllm-create
Range: 1.4.6 through 1.4.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/raiji1n/a2ce5dd46c312e3bd38b9b2446b95860mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000