Unrated severityNVD Advisory· Published Nov 18, 2025· Updated Nov 18, 2025

CVE-2025-55179

Description

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.

Affected products

Meta/Whatsapp Business For iOSllm-fuzzy
Range: =2.25.23.82
Whatsapp/Whatsappllm-fuzzy
Range: <2.25.23.73
Facebook/WhatsApp Business for iOSv5
Range: 2.25.8.14
Facebook/WhatsApp Desktop for Macv5
Range: 2.25.8.14
Facebook/WhatsApp for iOSv5
Range: 2.25.8.17

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.facebook.com/security/advisories/cve-2025-55179mitrex_refsource_CONFIRM
www.whatsapp.com/security/advisories/2025/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000