Platform: python
Component: hikka
Fixed in: 1.7.1
CVE-2025-52572 is a critical Remote Code Execution (RCE) vulnerability affecting the Hikka Telegram userbot. This flaw allows attackers to execute arbitrary code on the server hosting Hikka, potentially leading to complete system compromise. The vulnerability impacts all users across all versions of Hikka prior to 1.7.1, with two distinct attack vectors. A fix is available in version 1.7.1.
The impact of CVE-2025-52572 is severe. The primary attack vector involves exploiting an unauthenticated web interface, allowing an attacker to authorize their own Telegram account and gain RCE. A second, more insidious attack leverages social engineering. Users, tempted by a misleading authentication message, may inadvertently grant an attacker access to the web application's operations menu, resulting in both RCE and potential compromise of the owner's Telegram accounts. This represents a significant data breach risk, as Telegram accounts often contain sensitive personal information and communication history. Lateral movement within the compromised system is also possible, allowing attackers to pivot to other connected resources. The blast radius extends to all users of the affected Hikka instance and potentially their Telegram contacts.
CVE-2025-52572 was published on 2025-06-24. The vulnerability's critical CVSS score (10) indicates a high probability of exploitation. Public Proof-of-Concept (POC) code is likely to emerge given the ease of exploitation described in the vulnerability details. While no active campaigns have been publicly reported as of this writing, the potential for abuse is significant, particularly targeting Telegram userbot deployments. The vulnerability is not currently listed on KEV or EPSS, but its critical severity warrants close monitoring.
Exploit status
EPSS: 0.62% (70th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-52572 is to immediately upgrade Hikka to version 1.7.1 or later. If upgrading is not immediately feasible, consider temporarily disabling the web interface to prevent unauthorized access. Implement strict user awareness training to educate users about the risks of clicking suspicious authentication prompts. While a Web Application Firewall (WAF) might offer some protection, it's unlikely to be effective against the social engineering aspect of the vulnerability. Monitor system logs for unusual activity, particularly authentication attempts from unfamiliar Telegram accounts. After upgrading, confirm the fix by attempting to access the web interface and verifying that authentication requires proper credentials.
Update to a patched version when available. As a temporary workaround, run Hikka with the `--no-web` flag to disable the web interface. If the web interface is needed, close the port on the server after authorizing, or run Hikka with the `--no-web` flag. Do not click "Allow" in the helper bot unless it is an explicitly required action.
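As an added example (not code from the Hikka project or from this advisory), the following Python snippet helps a defender decide whether a deployment falls in the affected range: it parses a Hikka version string, treating pre-release builds such as "1.7.0-wip" as older than their final release, and scans a requirements.txt-style file for a pinned version. The package name `hikka`, the `==` pin form and the sample requirements content are assumptions constructed for the example.

```python
import re

# Added example (not Hikka's or the advisory's own code): decide whether a
# Hikka version string falls in the affected range for CVE-2025-52572,
# i.e. anything before the fixed release 1.7.1, including pre-release
# builds such as "1.7.0-wip".
FIXED_VERSION = (1, 7, 1)

# Accepts "1.7", "1.7.1", "1.7.0-wip", "1.7.1.dev", "1.8rc1" and similar.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:[-.]?(wip|dev|rc\d*|a\d*|b\d*))?\s*$",
    re.IGNORECASE,
)


def parse_version(text):
    """Return (major, minor, patch, is_prerelease); raise ValueError on junk."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0), suffix is not None)


def is_vulnerable(version_text):
    """True when the version is older than the fixed release 1.7.1.

    A pre-release tag (e.g. '1.7.1-wip') sorts before its final release,
    so it is still counted as affected.
    """
    major, minor, patch, pre = parse_version(version_text)
    core = (major, minor, patch)
    if core < FIXED_VERSION:
        return True
    if core == FIXED_VERSION and pre:
        return True  # 1.7.1-wip is not the fixed 1.7.1 release
    return False


def check_requirements(requirements_text, package="hikka"):
    """Scan requirements.txt-style lines for an exact pin of `package`.

    Returns (pin, vulnerable), or (None, None) if no exact pin is present.
    The package name "hikka" is an assumption for this example.
    """
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        m = re.match(rf"^{re.escape(package)}\s*==\s*(\S+)$", line, re.IGNORECASE)
        if m:
            pin = m.group(1)
            return pin, is_vulnerable(pin)
    return None, None


# Constructed sample input for the example, not taken from a real deployment.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
telethon==1.34.0
hikka==1.7.0-wip   # pre-release build
"""

if __name__ == "__main__":
    pin, vulnerable = check_requirements(SAMPLE_REQUIREMENTS)
    print(f"hikka pin: {pin}, vulnerable: {vulnerable}")
    for v in ("1.6.9", "1.7.0-wip", "1.7.1-wip", "1.7.1", "1.8.0"):
        print(v, "->", "affected" if is_vulnerable(v) else "fixed")
```

Run it against your own pinned requirements; a result of `True` means the deployment should be upgraded to 1.7.1 or run with `--no-web` until it is.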
It's a critical Remote Code Execution (RCE) vulnerability in the Hikka Telegram userbot, allowing attackers to run code on your server.
If you're using Hikka version 1.7.0-wip or earlier, you are vulnerable. All users and versions are impacted.
Upgrade Hikka to version 1.7.1 immediately. If upgrading isn't possible, disable the web interface as a temporary workaround.
No active campaigns have been reported yet, but the high severity and ease of exploitation suggest a risk of future attacks.
Refer to the official CVE entry on the NVD (National Vulnerability Database) for detailed information and updates.