CVE-2025-61113

HIGH

TalkTalk 3.3.6 Android App - Info Disclosure

Title source: llm

Description

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information (such as device identifiers and birthdays) and access private group information, including join credentials. Successful exploitation may result in privacy breaches and unauthorized access to restricted resources.

References (1)

Core 1

Core References

Various Sources

https://kar1oz.notion.site/TalkTalk-2619a473ecb28072b600dfcc7791c9d2

Scores

CVSS v3 7.5

EPSS 0.0025

EPSS Percentile 15.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Published Oct 30, 2025

Tracked Since Feb 18, 2026