
CVE-2025-55443: n/a

Critical
Published: Tue Aug 26 2025 (08/26/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Telpo MDM 1.4.6 thru 1.4.9 for Android contains sensitive administrator credentials and MQTT server connection details (IP/port) that are stored in plaintext within log files on the device's external storage. This allows attackers with access to these logs to: 1. Authenticate to the MDM web platform to execute administrative operations (device shutdown/factory reset/software installation); 2. Connect to the MQTT server to intercept/publish device data.

AI-Powered Analysis

Last updated: 09/03/2025, 01:12:09 UTC

Technical Analysis

CVE-2025-55443 is a critical vulnerability affecting Telpo Mobile Device Management (MDM) versions 1.4.6 through 1.4.9 on Android devices. The vulnerability arises because sensitive administrator credentials and MQTT server connection details, including IP addresses and ports, are stored in plaintext within log files on the device's external storage. External storage on Android devices is typically accessible by any app with storage permissions and potentially by physical attackers with device access, so an attacker who can read these log files obtains administrator credentials and MQTT connection information without any authentication or user interaction.

With these credentials, an attacker can authenticate to the MDM web platform and perform administrative operations such as shutting down devices, performing factory resets, or installing software remotely. The attacker can also connect to the MQTT server used by the MDM to intercept or publish device data, potentially leading to data leakage or manipulation of device behavior.

The vulnerability is classified under CWE-312 (Cleartext Storage of Sensitive Information). The CVSS v3.1 base score is 9.1 (critical), with an attack vector of network (AV:N), no privileges required (PR:N), no user interaction (UI:N), high impact on confidentiality and availability, and no impact on integrity. No known exploits are reported in the wild yet, and no patches have been linked at the time of publication. The vulnerability therefore affects the confidentiality of administrator credentials and MQTT connection details, and the availability of managed devices through possible forced shutdowns or factory resets.
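As an added illustration (not Telpo's code and not part of the CVE record), the Android Java snippet below shows the CWE-312 pattern the analysis describes next to a hardened logger whose interface cannot accept the credential or broker address at all; the class, method and field names are assumptions.

```java
// Added illustration of the CWE-312 pattern described above, beside a hardened
// version. Not Telpo's code; class, method and field names are assumptions.
import android.content.Context;
import android.util.Log;

import java.io.File;
import java.io.FileWriter;
import java.io.IOException;

public final class MdmSessionLogger {
    private static final String TAG = "MdmSession";

    // VULNERABLE: credentials and broker details are written in plaintext to
    // external storage. On devices without scoped storage any app holding the
    // storage permission can read this file, and with physical access it can be
    // copied straight off the device.
    static void logLoginInsecure(Context ctx, String user, String password,
                                 String brokerHost, int brokerPort) throws IOException {
        File log = new File(ctx.getExternalFilesDir(null), "mdm.log");
        try (FileWriter w = new FileWriter(log, true)) {
            w.write("login user=" + user + " pass=" + password
                    + " mqtt=" + brokerHost + ":" + brokerPort + "\n");
        }
    }

    // HARDENED: the logger never receives the password or the MQTT endpoint,
    // so they cannot be serialised by accident; the username is masked and the
    // file lives in app-private internal storage, readable only by this app's UID.
    static void logLoginSecure(Context ctx, String user) throws IOException {
        File log = new File(ctx.getFilesDir(), "mdm.log");
        try (FileWriter w = new FileWriter(log, true)) {
            w.write("login user=" + redact(user) + " mqtt=<configured>\n");
        }
        // logcat is volatile, but it is also readable by debugging tools and
        // bug reports, so it gets the same masked value and nothing more.
        Log.i(TAG, "MDM login attempted for " + redact(user));
    }

    // Keep the first character for correlation across log lines, mask the rest.
    static String redact(String value) {
        if (value == null || value.isEmpty()) return "<empty>";
        return value.charAt(0) + "***";
    }
}
```

Reviewing an app against this pattern means checking every write path that ends on external storage (FileWriter, SharedPreferences backups, crash reporters) for credential and endpoint values, not just the obvious Log.d calls.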

Potential Impact

For European organizations using Telpo MDM versions 1.4.6 to 1.4.9 on Android devices, this vulnerability poses a significant risk. Unauthorized access to administrator credentials can lead to full compromise of the MDM platform, allowing attackers to control managed devices remotely. This could result in widespread device shutdowns, factory resets causing data loss, or unauthorized software installations that may introduce malware or backdoors. The interception and manipulation of MQTT communications can lead to data breaches, loss of sensitive information, and disruption of device operations. Given that MDM platforms are often used to manage critical enterprise mobile assets, this vulnerability could disrupt business continuity, violate data protection regulations such as GDPR, and damage organizational reputation. The lack of required privileges or user interaction makes exploitation easier, increasing the likelihood of attacks if devices are physically or remotely accessible. The impact on availability and confidentiality is high, which is particularly concerning for sectors relying on mobile device fleets, including logistics, retail, healthcare, and public services across Europe.

Mitigation Recommendations

European organizations should immediately audit their use of Telpo MDM and identify devices running vulnerable versions (1.4.6 through 1.4.9). Since no official patches are currently linked, organizations should implement compensating controls:

1) Restrict access to devices’ external storage by enforcing strict app permissions and using mobile device security policies to prevent unauthorized apps from reading log files.
2) Physically secure devices to prevent unauthorized access to external storage.
3) Monitor network traffic for unusual MQTT connections or administrative access attempts to the MDM platform.
4) Rotate administrator credentials and MQTT server credentials if possible, especially if there is suspicion of compromise.
5) Consider isolating the MQTT server and MDM platform behind strong network segmentation and access controls to limit exposure.
6) Engage with Telpo for updates or patches and plan for timely deployment once available.
7) Educate IT and security teams about the risks of storing sensitive information in plaintext and review logging practices to avoid similar issues.
8) Implement endpoint detection and response (EDR) solutions on managed devices to detect anomalous activities such as unauthorized factory resets or software installations.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-13T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 68ae0f66ad5a09ad005b18ce

Added to database: 8/26/2025, 7:47:50 PM

Last enriched: 9/3/2025, 1:12:09 AM

Last updated: 9/3/2025, 1:12:09 AM

