PT-2025-44419 · Talktalk · Talktalk

Published: 2025-10-30 · Updated: 2025-10-30 · CVE-2025-61113

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: TalkTalk version 3.3.6

Description: The TalkTalk 3.3.6 Android App has improper access control issues in several API endpoints. Modifying request parameters can allow attackers to get sensitive user information, like device identifiers and birthdays, and access private group information, including join credentials. Exploitation could lead to privacy breaches and unauthorized access to restricted resources. The vulnerable parameters are not specified.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2025-61113

Affected Products: Talktalk