5 matches found
CVE-2025-52572
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
CVE-2025-52571
Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known...
CVE-2025-52572
Hikka (Telegram userbot) is affected by an RCE/account-takeover vulnerability via the web interface. If the web UI has no authenticated session, an attacker can abuse access via their own Telegram account to gain RCE on the server. If an authenticated session exists, users may be tricked into app...
CVE-2025-52571
Hikka is a Telegram userbot vulnerable to an unauthenticated credential/remote access issue in all versions below 1.6.2. The root cause enables an attacker to gain access to a victim’s Telegram account and full control of the server. The vulnerability is patched in version 1.6.2; no public workar...
CVE-2025-52571 Hikka vulnerable to RCE through edits in a channel
Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known...