PT-2025-35227 · Meta · Whatsapp For Ios+2

Published 2025-08-29 · Updated 2026-03-15 · CVE-2025-55177

CVSS v2.0: 5.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

WhatsApp versions prior to 2.25.21.73
WhatsApp Business versions prior to 2.25.21.78
WhatsApp for Mac versions prior to 2.25.21.78

Description

WhatsApp contained a critical authorization flaw in the handling of linked device synchronization messages. This flaw allowed an attacker to trigger the processing of content from an arbitrary URL on a target’s device without any user interaction, a so-called “zero-click” exploit. The vulnerability was exploited in targeted attacks, potentially in conjunction with an Apple OS flaw, and may have impacted fewer than 200 users. The attacks were reported to have targeted civil society members. The flaw stemmed from incomplete authorization during the synchronization process, enabling malicious data to be processed by the application.

Recommendations

Update WhatsApp to version 2.25.21.73 or later.
Update WhatsApp Business to version 2.25.21.78 or later.
Update WhatsApp for Mac to version 2.25.21.78 or later.

Fix

RCE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-10994
CVE-2025-55177

Affected Products

Whatsapp Business For Ios
Whatsapp For Mac
Whatsapp For Ios