Vulnerability Description
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| >= 2.22.25.2, < 2.25.21.73 | ||
| Whatsapp Business | >= 2.22.25.2, < 2.25.21.78 |
Related Weaknesses (CWE)
References
- https://www.facebook.com/security/advisories/cve-2025-55177Vendor Advisory
- https://www.whatsapp.com/security/advisories/2025/Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-55177?
CVE-2025-55177 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed ...
How severe is CVE-2025-55177?
CVE-2025-55177 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55177?
Check the references section above for vendor advisories and patch information. Affected products include: Whatsapp Whatsapp, Whatsapp Whatsapp Business.