PT-2025-35227 · Meta · WhatsApp Business for iOS +2

Published: 2025-08-29 · Updated: 2025-12-03 · CVE-2025-55177

CVSS v2.0: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

WhatsApp versions prior to 2.25.21.73
WhatsApp Business versions prior to 2.25.21.78
WhatsApp for Mac versions prior to 2.25.21.78

Description

A critical authorization flaw exists in WhatsApp for iOS, WhatsApp Business for iOS, and WhatsApp for Mac. This vulnerability allows an unrelated user to trigger the processing of content from an arbitrary URL on a target’s device through incomplete authorization of linked device synchronization messages. This flaw, exploited in targeted attacks, was combined with an Apple OS vulnerability. Fewer than 200 users were reportedly affected in a 90-day campaign, with targets including journalists and human rights activists. The vulnerability allows for zero-click exploitation, meaning no user interaction is required for compromise. The flaw resides in the handling of linked device synchronization, potentially enabling attackers to execute malicious code via hidden URLs.

Recommendations

Update WhatsApp to version 2.25.21.73 or later.
Update WhatsApp Business to version 2.25.21.78 or later.
Update WhatsApp for Mac to version 2.25.21.78 or later.

Fix

RCE

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BDU:2025-10994
CVE-2025-55177

Affected Products

WhatsApp Business for iOS
WhatsApp for Mac
WhatsApp for iOS