We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-52571

Hikka vulnerable to RCE through edits in a channel



Description

Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known workarounds are available.

Reserved 2025-06-18 | Published 2025-06-24 | Updated 2025-06-24 | Assigner GitHub_M


CRITICAL: 9.7CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Problem types

CWE-287: Improper Authentication

Product status

< 1.6.2
affected

References

github.com/.../Hikka/security/advisories/GHSA-vwpq-wm8w-44wf

github.com/...ommit/9a0e4b1b387ef828c345c43d990421d5afcff5f6

cve.org (CVE-2025-52571)

nvd.nist.gov (CVE-2025-52571)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-52571

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.