Telegram Zero-Click Vulnerability - Critical Device Threat

SC Media

Basically, a flaw in Telegram lets hackers take over your device without you doing anything.

Quick Summary

A critical zero-click vulnerability in Telegram could allow hackers to take over devices. Both individual users and businesses are at risk. Immediate action is needed to protect sensitive data.

What Happened

A critical zero-click vulnerability has been discovered in both Telegram for Android and Telegram Desktop for Linux. This flaw allows threat actors to execute malicious code remotely by simply sending animated stickers. Researchers from the Trend Micro Zero Day Initiative uncovered this issue, which could lead to total device compromise. Italy's National Cybersecurity Agency has issued a warning, stating that exploiting this vulnerability could grant attackers access to sensitive data, including messages, contacts, and active sessions related to the Telegram account.

The implications of this vulnerability are severe. Users of Telegram Business accounts are particularly at risk, as attackers could exploit this flaw to gain unauthorized access. With no indicators of compromise or fixes currently available, the situation is dire for many users who rely on this messaging platform for communication.

Who's Affected

Both individual users and organizations utilizing Telegram Business accounts are affected by this vulnerability. The risk is especially pronounced for those using Telegram on Android and Linux systems, as these platforms are directly impacted by the flaw. The potential for remote code execution means that anyone receiving an animated sticker could unknowingly become a target.

Organizations should be particularly cautious, as sensitive business communications could be compromised. Individuals are also at risk, as the vulnerability can lead to unauthorized access to personal data stored within the app.

What Data Was Exposed

If exploited, this vulnerability could expose a wealth of sensitive information. Attackers could gain access to:

  • Messages sent and received through Telegram
  • Contacts stored within the app
  • Active sessions, allowing for further exploitation of user accounts

The ability to control a device remotely means that attackers could potentially manipulate the device to access even more sensitive information stored elsewhere. This level of access poses a significant threat to both personal and organizational data security.

What You Should Do

In light of this vulnerability, immediate action is necessary. Here are some recommended steps:

  • For Organizations: Limit communications to only trusted contacts, such as those in your address book or Premium users. Consider temporarily disabling the use of Telegram until a fix is available.
  • For Individual Users: It is advisable to remove Telegram from Android and Linux systems. Alternatively, use the web version of Telegram through updated browsers to mitigate risk.

Staying informed about updates from Telegram and cybersecurity agencies is crucial. As this situation develops, users must remain vigilant to protect themselves from potential threats.

🔒 Pro insight: This zero-click vulnerability highlights the ongoing risks associated with messaging apps, emphasizing the need for robust security measures in communication platforms.
