CVE-2025-61113

7.5 HIGH

📋 TL;DR

The TalkTalk 3.3.6 Android app contains improper access control vulnerabilities in multiple API endpoints. Attackers can modify request parameters to access sensitive user information (device identifiers, birthdays) and private group data including join credentials. This affects all users of the vulnerable TalkTalk Android app version.

💻 Affected Systems

Products:
  • TalkTalk Android App
Versions: 3.3.6
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Android mobile application version 3.3.6.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Mass privacy breach exposing personal user data and unauthorized access to private groups, potentially enabling account takeover or social engineering attacks.

🟠 Likely Case

Targeted attackers harvesting user information for profiling or gaining unauthorized access to private group content.

🟢 If Mitigated

Limited exposure if proper API authentication and authorization controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires modifying API request parameters but appears straightforward based on the vulnerability description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: No

Instructions:

1. Check Google Play Store for TalkTalk app updates
2. Update to the latest version if available
3. Uninstall the app if no patch is available

🔧 Temporary Workarounds

Uninstall vulnerable app (Android)

Remove the TalkTalk 3.3.6 app from Android devices. The package name below is the one given in this entry; confirm it on the device first with `adb shell pm list packages | grep -i talktalk`, since the uninstall command fails silently if the identifier does not match.

    adb uninstall com.talktalk.app

🧯 If You Can't Patch

  • Restrict network access to TalkTalk API endpoints using firewall rules
  • Monitor for unusual API requests to TalkTalk endpoints

🔍 How to Verify

Check if Vulnerable:

Check Android app version in Settings > Apps > TalkTalk > App info

Check Version:

    adb shell dumpsys package com.talktalk.app | grep versionName

Verify Fix Applied:

Verify app version is higher than 3.3.6 or app is uninstalled

📡 Detection & Monitoring

Log Indicators:

  • Unusual API parameter modifications
  • Access to sensitive endpoints without proper authentication

Network Indicators:

  • Abnormal request patterns to TalkTalk API endpoints
  • Parameter tampering in API calls

SIEM Query (illustrative; field names depend on how your app telemetry is ingested):

    source="android_apps" app="TalkTalk" (event="api_call" AND (parameter_modification="true" OR auth_status="failed"))
