Remote Code Execution Vulnerability in Hikka Telegram Userbot
CVE-2025-52572

10 CRITICAL

Key Information:

Status
Vendor
CVE Published:
24 June 2025

What is CVE-2025-52572?

The Hikka Telegram userbot has a remote code execution vulnerability that affects all users on all versions. There are two exploitation scenarios. In the first, if the web interface has no authenticated session, an attacker can use their own Telegram account to gain unauthorized access to the server. In the second, when an authenticated session does exist, insufficient warnings during authentication can mislead users into granting permission to a malicious web application, resulting not only in remote code execution but also in unauthorized access to the owner's Telegram account. Scenario two has been observed in active exploitation. No patches are currently available; users are advised to apply workarounds: run the userbot with the --no-web flag and never start it without that flag, and do not click 'Allow' in the helper bot unless it is a specific and necessary action.
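The workaround above depends on the --no-web flag never being omitted at startup. The POSIX shell wrapper below is an added example, not code from the advisory or from the Hikka project: it enforces the flag on every launch so the web interface from scenario one is never exposed by accident. The launch command (`python3 -m hikka`) is an assumption and can be overridden through HIKKA_CMD.

```shell
#!/bin/sh
# Added example (not part of the advisory or of Hikka itself): a launcher that
# guarantees the --no-web workaround for CVE-2025-52572 is always applied.
# Assumption: Hikka is started as `python3 -m hikka`; override HIKKA_CMD if not.

HIKKA_CMD="${HIKKA_CMD:-python3 -m hikka}"

# has_no_web: succeed (0) if --no-web is among the arguments, else fail (1).
has_no_web() {
    for a in "$@"; do
        [ "$a" = "--no-web" ] && return 0
    done
    return 1
}

# ensure_no_web: print the argument list, one per line, with --no-web
# appended when it was missing. Used here to make the normalisation testable.
ensure_no_web() {
    has_no_web "$@" || set -- "$@" --no-web
    printf '%s\n' "$@"
}

# launch_hikka: start the userbot with the caller's arguments plus --no-web.
launch_hikka() {
    has_no_web "$@" || set -- "$@" --no-web
    # Intentional word-splitting of HIKKA_CMD into command and module arguments.
    # shellcheck disable=SC2086
    exec $HIKKA_CMD "$@"
}

# Launch only when RUN_HIKKA=1 is set, so this file can also be sourced for
# its functions without starting anything.
if [ "${RUN_HIKKA:-0}" = "1" ]; then
    launch_hikka "$@"
fi
```

Use it as the only entry point for the service (for example from a systemd unit or a cron @reboot line) so that an operator cannot forget the flag; any extra arguments passed to the wrapper are forwarded unchanged.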

Affected Version(s)

Hikka <= 1.7.0-wip

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
