CVE-2025-55177
CVSS Score
V3.1
Attack Vector Metrics
Impact Metrics
Description
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Available Exploits
Related News
A vulnerability has been identified in WhatsApp. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. Note: CVE-2025-55177 is being scattered exploited. This vulnerability allows an unrelated…
WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The…
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 …
Affected Products
Affected Versions:
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Product
Ransomware Risk
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
ENISA References
Data provided by ENISA EU Vulnerability Database. Last updated: September 2, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: August 29, 2025, Modified: September 3, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
iPhone users urged to update WhatsApp for critical security fix **Date:** 07-Sep-25 The article reports that WhatsApp has addressed a significant security vulnerability affecting its applications on Apple devices, urging users to update to the latest versions. The identified vulnerabilities (CVE-2025-55177 and CVE-2025-43300) may have already been exploited, prompting Apple …
WhatsApp Zero-Click Spyware Explained: CVE-2025-55177 Deep Dive Back in early September 2025, WhatsApp sent out a big warning about a **“zero-click” spyware attack**. This is a particularly scary kind of attack because it can infect your phone without you having to do a thing, no clicking on a weird link, …
WhatsApp zero-click exploit (CVE-2025-55177) Meta confirms dangerous WhatsApp zero-click exploit (CVE-2025-55177). A sophisticated attack exploited device sync messages, letting hackers run malicious code via hidden URLs, no clicks, no downloads required. Victims were compromised silently, making this one of the most alarming WhatsApp flaws to date.
CISA has added two actively exploited vulnerabilities to the KEV Catalog: * CVE-2020-24363 (TP-Link TL-WA855RE — missing authentication) * CVE-2025-55177 (WhatsApp — incorrect authorization) These are now confirmed active attack vectors. While BOD 22-01 makes patching mandatory for federal agencies, CISA urges all organizations to remediate KEVs quickly. 🔍 For …
🔥 Top 10 Trending CVEs (04/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-47910](https://nvd.nist.gov/vuln/detail/CVE-2025-47910)** - 📝 n/a - 📈 **CVSS:** 0 - 🧭 **Vector:** n/a - ⚠️ **Priority:** n/a - 📝 **Analysis:** No Information available for this CVE at the moment --- **2. [CVE-2025-25231](https://nvd.nist.gov/vuln/detail/CVE-2025-25231)** …
"WhatsApp" klaida - nulinio paspaudimo "iPhone" ataka Užpuolikai išnaudoja „WhatsApp“ saugumo spragą, kuri paveikia „iPhone“ įrenginius ir leidžia vykdyti sudėtingas „zero-click“ atakas prieš pasirinktus „Apple“ vartotojus. Kampanijoje taip pat naudojama anksčiau aptikta ir rugpjūčio 20 d. ištaisyta „iOS“ klaida CVE-2025-43300, kuri jau buvo pasitelkta itin pažangiose atakose. Naujas pažeidžiamumas CVE-2025-55177 …
🔥 Top 10 Trending CVEs (03/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-53772](https://nvd.nist.gov/vuln/detail/CVE-2025-53772)** - 📝 Web Deploy Remote Code Execution Vulnerability - 📅 **Published:** 12/08/2025 - 📈 **CVSS:** 8.8 - 🧭 **Vector:** CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C - 📣 **Mentions:** 6 - ⚠️ **Priority:** 2 - 📝 …
CISA Adds WhatsApp + TP-Link Flaws to KEV Catalog: Actively Exploited CISA has just updated its Known Exploited Vulnerabilities (KEV) Catalog with two new CVEs: * **CVE-2020-24363** — TP-Link TL-WA855RE Missing Authentication * **CVE-2025-55177** — WhatsApp Incorrect Authorization Both are being exploited in the wild. Under **BOD 22-01**, federal agencies …
CVE Alert: CVE-2025-55177 – Facebook – WhatsApp Desktop for Mac
Am I affected by the recent Zero-Click attack? So, today I read about CVE-2025-55177, which allowed a zero-click attack on users. During the second week in August, I received an SMS that someone attempts to register my WhatsApp account on a new device, with a confirmation code. Could this mean, …