CVE-2025-52571
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-06-26
Assigner: GitHub, Inc.
Description
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52571 is a critical remote code execution vulnerability in the Hikka Telegram userbot in versions prior to 1.6.2, including most forks. It allows an unauthenticated attacker to exploit edits to Telegram channel messages to gain full access to the victim's Telegram account and complete control over the server running the application. The attack requires user interaction but no privileges, and has low complexity. It impacts confidentiality, integrity, and availability at a high level. The vulnerability was fixed in version 1.6.2; no workarounds are known. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized full access to your Telegram account and complete control over the server hosting the Hikka userbot. This means an attacker can compromise your personal messages, impersonate you, manipulate or delete data, and potentially use your server for malicious activities, leading to significant confidentiality, integrity, and availability breaches. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Hikka userbot to version 1.6.2 or later, as this version contains the patch that fixes the vulnerability. No known workarounds are available, so upgrading is essential to prevent exploitation. [1, 2]