CNNVD-202506-3126 Information

CNNVD ID

CNNVD-202506-3126

Related CVE

CVE-2025-52572

• CNNVD Published: 2025-06-24

Description (Chinese)

Hikka是Daniil Gazizullin个人开发者的一个面向开发者的Telegram用户机器人。 Hikka存在授权问题漏洞，该漏洞源于Web界面未认证会话或认证消息警告不足，可能导致远程代码执行和Telegram账户接管。

Description (English)

Hikka is a Telegram user robot for developers by Daniil Gazizullin’s personal developer. There is a mandate gap in Hikka, which stems from the fact that the Web interface does not authenticate a session or that the authentication message warnings are inadequate, which may lead to remote code execution and the Telegram account taking over.

Hazard Level

Low

Vulnerability Type

授权问题

Affected Vendor

Live Support

Published

2025-06-24

Last Modified

2026-02-24

References

https://t.me/bbcode/9 https://github.com/hikariatama/Hikka/security/advisories/GHSA-7x3c-335v-wxjj https://access.redhat.com/security/cve/cve-2025-52572

Patch

https://github.com/hikariatama/Hikka/releases