TalkTalk Android App Access Control Vulnerability Allowing Sensitive Data Exposure

Vulnerability

A vulnerability in the TalkTalk Android App version 3.3.6 has been identified, involving improper access control across multiple API endpoints. This flaw allows attackers to manipulate request parameters to access sensitive user information, such as device identifiers and birthdays, as well as private group details, including join credentials. Exploiting this vulnerability could lead to privacy violations and unauthorized access to restricted resources.

Impact

Exploitation of this vulnerability could result in privacy breaches and unauthorized access to sensitive user information and private group resources.

Added: Oct 30, 2025, 4:22 PM
Updated: Oct 30, 2025, 9:35 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.