Whatsapp Business For iOS
by Meta
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55177 | 0.12 | — | 0.01 | KEV | Aug 29, 2025 | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users. | ||
| CVE-2022-36934 | 0.01 | — | 0.13 | Sep 22, 2022 | An integer overflow in WhatsApp could result in remote code execution in an established video call. | |||
| CVE-2025-55179 | 0.00 | — | 0.00 | Nov 18, 2025 | Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild. | |||
| CVE-2022-27492 | 0.00 | — | 0.04 | Sep 23, 2022 | An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. |
- risk 0.12cvss —epss 0.01
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
- CVE-2022-36934Sep 22, 2022risk 0.01cvss —epss 0.13
An integer overflow in WhatsApp could result in remote code execution in an established video call.
- CVE-2025-55179Nov 18, 2025risk 0.00cvss —epss 0.00
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
- CVE-2022-27492Sep 23, 2022risk 0.00cvss —epss 0.04
An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file.