CVE-2025-52571

Published Jun 24, 2025

Last updated 22 days ago

CVSS critical 9.6

Overview

Description
Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known workarounds are available.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.6
Impact score
6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-287

Social media

Hype score
Not currently trending

  1. [CVE-2025-52571: CRITICAL] Critical vulnerability identified in Hikka Telegram userbot versions below 1.6.2. Unauthenticated attackers can gain account access & server control. Update to 1.6.2 now to patch.#cve,CVE-2025-52571,#cybersecurity https://t.co/egEECiqhfX https://t.c

    @CveFindCom

    24 Jun 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.