Unrated severity · CISA KEV · NVD Advisory · Published Aug 29, 2025 · Updated Feb 26, 2026
CVE-2025-55177
Description
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Affected products
- Facebook/WhatsApp Desktop for Mac · v5 · Range: 2.22.25.2
- Facebook/WhatsApp Business for iOS · v5 · Range: 2.22.25.2
- Facebook/WhatsApp for iOS · v5 · Range: 2.22.25.2
Patches
No patches discovered yet.
References
- www.facebook.com/security/advisories/cve-2025-55177 (mitre, x_refsource_CONFIRM)
- www.whatsapp.com/security/advisories/2025/ (mitre, x_refsource_CONFIRM)