PT-2025-35227 · Meta · WhatsApp Business for iOS +2

Published: 2025-08-29 · Updated: 2026-04-01 · CVE-2025-55177

CVSS v2.0: 5.5 (Medium), AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: WhatsApp versions prior to v2.25.21.73 for iOS, versions prior to v2.25.21.78 for WhatsApp Business for iOS, and versions prior to v2.25.21.78 for WhatsApp for Mac.
Description: WhatsApp was found to have an incomplete authorization flaw in linked device synchronization messages. This could allow an unrelated user to trigger the processing of content from an arbitrary URL on a target’s device. This vulnerability, in combination with an Apple OS vulnerability (CVE-2025-43300), may have been exploited in targeted attacks. Fewer than 200 users were reportedly affected during a 90-day campaign. The flaw allows for zero-click exploitation, meaning no user interaction is required for successful compromise.
Recommendations: Update WhatsApp to version 2.25.21.73 or later for iOS. Update WhatsApp Business to version 2.25.21.78 or later for iOS. Update WhatsApp for Mac to version 2.25.21.78 or later.

Fix

RCE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-10994
CVE-2025-55177

Affected Products

WhatsApp Business for iOS
WhatsApp for Mac
WhatsApp for iOS