PT-2025-35227 · Meta · WhatsApp for Mac +2

Published: 2025-08-29 · Updated: 2026-02-03 · CVE-2025-55177

CVSS v2.0: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

WhatsApp versions prior to 2.25.21.73
WhatsApp Business versions prior to 2.25.21.78
WhatsApp for Mac versions prior to 2.25.21.78

Description

WhatsApp contains an authorization flaw due to incomplete authorization of linked device synchronization messages. This flaw could allow an unrelated user to trigger the processing of content from an arbitrary URL on a target’s device without any user interaction, referred to as a zero-click exploit. This vulnerability, combined with an Apple OS flaw, was exploited in targeted attacks, impacting fewer than 200 users, including journalists and human rights activists. The flaw allows attackers to send specially crafted messages that force the app to process malicious content from external sources. The vulnerability was actively exploited in attacks and is categorized as a zero-day.

Recommendations

Update WhatsApp to version 2.25.21.73 or later.
Update WhatsApp Business to version 2.25.21.78 or later.
Update WhatsApp for Mac to version 2.25.21.78 or later.

Fix

RCE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-10994
CVE-2025-55177

Affected Products

WhatsApp Business for iOS
WhatsApp for Mac
WhatsApp for iOS