CVE-2025-55177

Name of the Vulnerable Software and Affected Versions WhatsApp versions prior to 2.25.21.73 WhatsApp Business versions prior to 2.25.21.78 WhatsApp for Mac versions prior to 2.25.21.78

Description WhatsApp was found to have an authorization issue in the handling of linked device synchronization messages. This flaw could allow an attacker to trigger the processing of content from an arbitrary URL on a target’s device without any user interaction, referred to as a zero-click exploit. The vulnerability was exploited in targeted attacks, potentially in combination with an Apple OS flaw. Fewer than 200 users were reportedly affected during a 90-day campaign, with a focus on journalists, human rights activists, and other individuals in civil society. The vulnerability allows for the potential of remote code execution.

Recommendations Update WhatsApp to version 2.25.21.73 or later. Update WhatsApp Business to version 2.25.21.78 or later. Update WhatsApp for Mac to version 2.25.21.78 or later. Review and remove any unknown linked devices. Consider a factory reset if you believe you were specifically targeted.