CVE-2025-55177

Published 29/08/2025 16:15 · Modified 29/08/2025 17:15

Essential information

Published: 29/08/2025 16:15
Modified: 29/08/2025 17:15
Author:
Creator:
CVSS: 8.0 HIGH (v3.1)
CISA KEV: No
CWE:
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

Affected products (CPE)

Product | CPE
facebook / whatsapp | cpe:2.3:a:facebook:whatsapp:2.25.21:*:*:*:*:*:*:*
facebook / whatsapp business | cpe:2.3:a:facebook:whatsapp_business:2.25.21:*:*:*:*:*:*:*
facebook / whatsapp | cpe:2.3:a:facebook:whatsapp:mac:2.25.21:*:*:*:*:*:*:*
