CVE-2025-55177
moderate-risk
Published 2025-08-29
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Do I need to act?
-
0.81% chance of exploitation
EPSS score — low exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.4/10
Medium
NETWORK
/ LOW complexity
Affected Products (3)
Affected Vendors
References (3)
Vendor Advisory
https://www.facebook.com/security/advisories/cve-2025-55177
Vendor Advisory
https://www.whatsapp.com/security/advisories/2025/
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
40
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
10/34 · Low
Exposure
9/34 · Low