PT-2025-35227 · Meta · WhatsApp for iOS (+2 more products)

Published: 2025-08-29 · Updated: 2025-10-17 · CVE-2025-55177

CVSS v2.0: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

WhatsApp versions prior to 2.25.21.73
WhatsApp Business versions prior to 2.25.21.78
WhatsApp for Mac versions prior to 2.25.21.78

Description

WhatsApp was found to have an incomplete authorization issue in the handling of linked device synchronization messages. This flaw could allow an unrelated user to trigger the processing of content from an arbitrary URL on a target's device without any user interaction, a so-called "zero-click" exploit. The vulnerability was exploited in targeted attacks, potentially in combination with an Apple OS-level flaw. Fewer than 200 users were reportedly affected during a 90-day campaign, with targets including journalists and human rights activists. The flaw stems from incorrect authorization in the process of synchronizing linked devices, which enables attackers to send malicious data via these messages.

Recommendations

Update WhatsApp to version 2.25.21.73 or later.
Update WhatsApp Business to version 2.25.21.78 or later.
Update WhatsApp for Mac to version 2.25.21.78 or later.
Review and remove any unknown linked devices.
Consider a factory reset if you believe you were targeted.

Fix

RCE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-10994
CVE-2025-55177

Affected Products

WhatsApp Business for iOS
WhatsApp for Mac
WhatsApp for iOS