CVE-2025-30259

low-risk

Published 2025-03-20

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.5/10 Low

NETWORK / HIGH complexity

References (2)

https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-ope...

https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-us...

/ 100

low-risk

Severity 12/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal