Hikariatama Hikka vulnerabilities
2 known vulnerabilities affecting hikariatama/hikka.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2025-52572P1CRITICALCVSS 10.0Exploited≤ 1.7.0-wip2025-06-24
CVE-2025-52572 [CRITICAL] CWE-287 CVE-2025-52572: Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenari
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web interface does have an authenticated session: due to i
nvd
CVE-2025-52571P2CRITICALCVSS 9.6fixed in 1.6.22025-06-24
CVE-2025-52571 [CRITICAL] CWE-287 CVE-2025-52571: Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including mo
Hikka is a Telegram userbot. A vulnerability affects all users of versions below 1.6.2, including most of the forks. It allows an unauthenticated attacker to gain access to Telegram account of a victim, as well as full access to the server. The issue is patched in version 1.6.2. No known workarounds are available.
nvd