PT-2025-26779 · Hikka · Hikka

Hikariatama · Published 2025-06-24 · Updated 2025-06-25 · CVE-2025-52571

CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Hikka versions prior to 1.6.2
Description: A vulnerability in the Hikka Telegram userbot allows an unauthenticated attacker to gain access to a victim's Telegram account and full access to the server. The issue affects all users of versions below 1.6.2, including most of the forks.
Recommendations: For versions prior to 1.6.2, update to version 1.6.2 to patch the issue. As a temporary workaround, consider restricting access to sensitive features until the update is applied.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2025-52571
GHSA-VWPQ-WM8W-44WF

Affected Products

Hikka