Meta has released security updates to address a vulnerability (CVE-2025-55177) in WhatsApp that could allow an attacker to process arbitrary content on a target device via unauthorized synchronization messages.
Severity level:-
CVSS Score: 5.4/Medium.
Description:- WhatsApp is a widely used messaging platform across iOS and macOS. CVE-2025-55177 is a vulnerability caused by incomplete authorization of linked device synchronization messages. This flaw allows an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.
Affected Versions :-
- WhatsApp for iOS: versions before 2.25.21.73.
- WhatsApp Business for iOS: versions before 2.25.21.78.
- WhatsApp for macOS: versions before 2.25.21.78.
Impact:-
Successful exploitation may allow Unauthorized content processing from arbitrary URLs.
Resolution:- Please update to the following patched versions:
- WhatsApp for iOS: versions 2.25.21.73 or later.
- WhatsApp Business for iOS: versions 2.25.21.78 or later.
- WhatsApp for macOS: versions 2.25.21.78 or later.
Reference:-
https://www.cyber.gc.ca/en/alerts-advisories/whatsapp-security-advisory-av25-559
https://www.whatsapp.com/security/advisories/2025
https://thehackernews.com/2025/08/whatsapp-issues-emergency-update-for.html