CVE-2025-52571 – Hikka Telegram Unauthenticated Account Takeover and Server Compromise Vulnerability

June 24, 2025

CVE ID : CVE-2025-52571

Published : June 24, 2025, 8:15 p.m. | 44 minutes ago

Description : Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known workarounds are available.

Severity: 9.6 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52471 – “Espressif ESP-IDF ESP-NOW Protocol Integer Underflow Vulnerability”

Next Article CVE-2025-49852 – ControlID iDSecure Server-Side Request Forgery

Highlights

CVE-2025-4405 – WordPress Hot Random Image Stored Cross-Site Scripting Vulnerability

May 22, 2025

CVE ID : CVE-2025-4405

Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-52571 – Hikka Telegram Unauthenticated Account Takeover and Server Compromise Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Phonetically-Augmented Discriminative Rescoring for Voice Search Error Correction

Tariffs and gaming handhelds: Should I buy a Steam Deck, ROG Ally, or even a Nintendo Switch right now?

CodeSOD: An Array of Parameters

Critical Kaleris Navis N4 Flaw (CVE-2025-2566, CVSS 9.8): Supply Chain Infrastructure at Risk!

CVE-2025-4405 – WordPress Hot Random Image Stored Cross-Site Scripting Vulnerability

Public Exploit for Chained SAP Flaws Exposes Unpatched Systems to Remote Code Execution

CVE-2025-41645 – D-Link Device Hijacking Vulnerability

CVE-2025-31713 – F5 Networks Engineer Mode Command Injection Vulnerability

CVE-2025-52571 – Hikka Telegram Unauthenticated Account Takeover and Server Compromise Vulnerability

Related Posts