Hacker News
ZDI-CAN-30207: Unpatched 9.8 RCE zero-day in Telegram (zerodayinitiative.com)
10 points by km 87 days ago
3 comments

https://x.com/telegram/status/2038069726316834994 Telegram claims that exploitation of the vulnerability is blocked by server-side validation of stickers.
Despite the name of the website, this is in all likelihood not a zero-day: they say it was discovered by an employee of the Zero Day Initiative, so it should have only been reported to Telegram, and besides them only TrendAI (TrendMicro) should know anything about it.
And in the meantime, CVSS went down to 7.0.

I wonder why Trend publishes such upcoming advisories -- are those even helpful? For sure, I am going to be more critical of anything that ends up there.