
Telegram hit by critical zero‑day (ZDI‑CAN‑30207). A CVSS 9.8 zero‑day lets attackers hijack any Telegram account; 120 days to patch


A critical zero‑day (ZDI‑CAN‑30207) affecting Telegram messenger was disclosed by 3Side on March 26, 2026. The vulnerability scores a CVSS 9.8 rating, enabling remote, no‑click account takeover. Telegram has been given 120 days to release a fix and has not yet responded. Users should watch for updates and apply extra security measures until the patch arrives.

28 March 2026


Telegram messenger faces a critical zero-day vulnerability that enables remote compromise without user interaction. Security firm 3Side discovered the flaw and reported it on March 26, 2026.

The flaw, logged in the Zero Day Initiative (ZDI) registry as ID ZDI-CAN-30207, received a 9.8 rating from the Common Vulnerability Scoring System (CVSS), placing it in the highest danger category. Researchers say the attack can be launched remotely over the network, requires low exploitation complexity, and does not need the victim to take any action or grant system privileges.

Telegram's development team was notified on March 26 and has 120 days under Zero Day Initiative policy to release a fix before technical details are publicly disclosed. The company has not yet commented on the finding. Users should monitor for updates and consider implementing additional security measures until a patch is deployed.
