Hikka Telegram Userbot Unauthenticated Access Vulnerability Leading to Account Takeover and Server Compromise

Vulnerability

A vulnerability in Hikka, a Telegram userbot, allows an unauthenticated attacker to access the Telegram account of a victim and gain full access to the server. This issue affects all users on versions prior to 1.6.2, including most forks of the userbot. The vulnerability has been patched in version 1.6.2.

Impact

Exploitation of this vulnerability allows for unauthorized access to a victim's Telegram account and full access to the server where the userbot is running.

Remediation

Users can upgrade to Hikka version 1.6.2 or later to address this vulnerability.

Added: Jun 24, 2025, 8:30 PM
Updated: Jun 24, 2025, 8:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.0
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.