Critical severity9.6NVD Advisory· Published Jun 24, 2025· Updated Apr 15, 2026

CVE-2025-52571

Description

Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known workarounds are available.

Patches

9a0e4b1b387e

https://github.com/hikariatama/hikkavia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/hikariatama/Hikka/commit/9a0e4b1b387ef828c345c43d990421d5afcff5f6nvd
github.com/hikariatama/Hikka/security/advisories/GHSA-vwpq-wm8w-44wfnvd

News mentions

No linked articles in our index yet.

cvss	0.624
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000