A high-severity zero-click exploit could allow attackers to take control of devices without any user interaction
CyberShelter Threat Intelligence has identified a critical zero-click vulnerability affecting the Telegram messaging platform.
Tracked as ZDI-CAN-30207, this vulnerability carries a CVSS score of 9.8 (Critical) and allows attackers to remotely compromise devices without requiring any user interaction.
Because exploitation requires no clicks, no downloads, and no authentication, this flaw represents one of the most dangerous classes of mobile threats.
Technical Overview
- Vulnerability ID: ZDI-CAN-30207
- Severity: Critical (9.8)
- Attack Type: Zero-click remote exploit
- Attack Vector: Network
- Privileges Required: None
- User Interaction: None
Successful exploitation could enable attackers to:
- Execute arbitrary code remotely
- Access private communications
- Conduct surveillance
- Steal sensitive data
- Disrupt device functionality
Why This Vulnerability Is Critical
Zero-Click Exploitation
Unlike traditional attacks, this vulnerability does not require:
- Clicking links
- Opening attachments
- Accepting messages
Devices can be compromised silently in the background, making detection extremely difficult.
Remote Attack Surface
The vulnerability can be exploited over the internet, putting high-value targets at immediate risk, including:
- Executives
- Government officials
- Journalists
- Security professionals
- Enterprise users
No Authentication Required
Attackers do not need:
- A Telegram account
- Prior access
- Any trusted relationship with the victim
This significantly increases the likelihood of targeted and large-scale attacks.
Potential Attack Scenarios
Targeted Surveillance
Attackers may monitor communications of government officials, diplomats, and defense personnel.
Enterprise Espionage
Threat actors could access corporate communications, intellectual property, and sensitive internal data.
Mass Exploitation
If weaponized publicly, the vulnerability could enable automated attacks and spyware deployment at scale.
Indicators of Potential Exploitation
Organizations and users should watch for:
- Unexpected Telegram application crashes
- Device overheating after message receipt
- Unusual background processes
- Suspicious outbound network traffic
- Unauthorized login sessions
High-Risk Indicators
- Device compromise without phishing activity
- Unknown remote connections
- Abnormal Telegram process behavior
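One way to turn the indicators above into a behavioral check, shown as an added example that is not CyberShelter's own tooling: it correlates a Telegram crash with follow-on outbound connections and new sessions on the same device, and raises the priority when no user action preceded the crash. The event schema, event type names, time window, and sample data are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed endpoint telemetry (hypothetical schema, not from any real EDR/MDM product).
EVENTS = [
    {"ts": "2025-01-10T09:00:05", "device": "phone-01", "type": "app_crash", "process": "telegram"},
    {"ts": "2025-01-10T09:01:40", "device": "phone-01", "type": "net_conn", "process": "telegram", "dest": "198.51.100.23"},
    {"ts": "2025-01-10T09:02:10", "device": "phone-01", "type": "new_session", "process": "telegram"},
    {"ts": "2025-01-10T10:15:00", "device": "phone-02", "type": "link_open", "process": "telegram"},
    {"ts": "2025-01-10T10:15:30", "device": "phone-02", "type": "app_crash", "process": "telegram"},
    {"ts": "2025-01-10T10:16:00", "device": "phone-02", "type": "net_conn", "process": "telegram", "dest": "203.0.113.9"},
    {"ts": "2025-01-10T11:00:00", "device": "phone-03", "type": "app_crash", "process": "telegram"},
    {"ts": "2025-01-10T11:00:20", "device": "phone-03", "type": "net_conn", "process": "telegram", "dest": "192.0.2.10"},
]
KNOWN_DESTS = {"192.0.2.10"}   # constructed baseline of expected destinations
WINDOW = timedelta(minutes=5)  # assumed correlation window

def triage(events, known_dests=KNOWN_DESTS, window=WINDOW):
    """Return {device: [reasons]} for Telegram crashes with suspicious follow-on activity."""
    parsed = sorted(({**e, "t": datetime.fromisoformat(e["ts"])} for e in events),
                    key=lambda e: e["t"])
    findings = {}
    for crash in (e for e in parsed
                  if e["type"] == "app_crash" and e["process"] == "telegram"):
        same_dev = [e for e in parsed if e["device"] == crash["device"]]
        after = [e for e in same_dev if crash["t"] < e["t"] <= crash["t"] + window]
        before = [e for e in same_dev if crash["t"] - window <= e["t"] < crash["t"]]
        reasons = []
        # Indicator: suspicious outbound traffic shortly after the crash.
        unknown = sorted({e["dest"] for e in after
                          if e["type"] == "net_conn" and e["dest"] not in known_dests})
        if unknown:
            reasons.append("outbound to unknown: " + ", ".join(unknown))
        # Indicator: unauthorized login session appearing after the crash.
        if any(e["type"] == "new_session" for e in after):
            reasons.append("new login session after crash")
        # High-risk indicator: nothing the user did (e.g. opening a link) preceded it.
        if reasons and not any(e["type"] == "link_open" for e in before):
            reasons.append("no user interaction before crash")
        if reasons:
            findings.setdefault(crash["device"], []).extend(reasons)
    return findings

if __name__ == "__main__":
    for device, reasons in triage(EVENTS).items():
        print(device, "->", "; ".join(reasons))
```

A crash alone is not flagged (phone-03 connects only to a baselined destination); the combination of signals is what moves a device into the review queue.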
CyberShelter Recommendations
Immediate Actions
- Update Telegram applications on all devices immediately
- Enable automatic updates
- Apply security patches as soon as available
Account Security
- Restrict messaging to known contacts
- Disable communication from unknown users
- Limit group invitations
- Disable unknown bot interactions
Attack Surface Reduction
- Disable automatic media downloads
- Avoid joining unknown public groups
- Remove unnecessary bots
- Review and tighten privacy settings
Strategic Insight
Zero-click vulnerabilities represent a new generation of cyber threats.
They eliminate the need for human error, making traditional awareness-based defenses less effective.
This shifts the focus toward:
- Rapid patching
- Endpoint monitoring
- Behavioral detection
Because in modern cybersecurity, the most dangerous attacks are the ones users never see.