AI description
CVE-2025-55177 is a security vulnerability affecting WhatsApp for iOS (prior to v2.25.21.73), WhatsApp Business for iOS (prior to v2.25.21.78), and WhatsApp for Mac (prior to v2.25.21.78). The vulnerability stems from incomplete authorization of linked device synchronization messages, which could allow an attacker to trigger the processing of content from an arbitrary URL on a target's device. It has been assessed that CVE-2025-55177, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in sophisticated attacks against specific, targeted users.
- Description: Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
- Source: cve-assign@fb.com
- NVD status: Modified
- Products: whatsapp, whatsapp_business
CVSS 3.1
- Type: Secondary
- Base score: 5.4
- Impact score: 2.5
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity: MEDIUM
Data from CISA
- Vulnerability name: Meta Platforms WhatsApp Incorrect Authorization Vulnerability
- Exploit added on: Sep 2, 2025
- Exploit action due: Sep 23, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- nvd@nist.gov: CWE-863
- Hype score: Not currently trending
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing. h
@minacrissDev_
4 Nov 2025
339 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
WhatsApp has a serious 0-click vulnerability ("no need to click on anything") on Apple devices (iPhone, iPad, Mac): researchers from the DarkNavyOrg group demonstrated a way to exploit two vulnerabilities, CVE-2025-55177 and CVE-2025-43300, via
@cyber_shockry
11 Oct 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 🔴 A 0-click flaw in WhatsApp allows full control of Apple devices to be taken over. Two vulnerabilities are used: 🔴 CVE-2025-55177: a logic error in message handling; the vulnerability allows an unrelated user (from outside the contacts) to trigger
@Sekurak
10 Oct 2025
10590 Impressions
9 Retweets
66 Likes
21 Bookmarks
5 Replies
0 Quotes
📱 Critical zero-click vulnerability (CVE-2025-55177) within WhatsApp has been leveraged in targeted spyware operations, in conjunction with an Apple ImageIO flaw (CVE-2025-43300). https://t.co/r4LJmGQBz1
@AiKalki
6 Oct 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#VulnerabilityReport #Apple A Critical Zero-Click WhatsApp Flaw, CVE-2025-55177, Was Exploited in Zero-Day Attacks https://t.co/QrwCTASqBa
@Komodosec
5 Oct 2025
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ALERT: WhatsApp 0-Click Vulnerability CVE-2025-55177 & CVE-2025-43300 https://t.co/QGsPiOcXwm
@WMJenny24
5 Oct 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
The warning from the Cybersecurity Directorate at the Ministry of Interior about the WhatsApp “Zero Click” vulnerability came a full month late, after it had been fixed (CVE-2025-55177 and CVE-2025-43300). WhatsApp fixed it in the month of
@fadhil79
3 Oct 2025
5407 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar from https://t.co/8RzyA4nEyg: CVE-2024-3400 (@stevenadair) CVE-2025-24132 CVE-2025-43300 CVE-2025-5777 CVE-2025-55177 CVE-2023-34044 (@pr0Ln) CVE-2023-20870 CVE-2025-10035 CVE-2025-20333 https://t.co/Z18UZ0WhOF
@ptdbugs
3 Oct 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
STOP WHAT YOU ARE DOING NOW AND UPDATE WHATSAPP ON iOS: A ZERO-CLICK ATTACK CAN INFECT YOUR PHONE BEFORE YOU GET TO UNDERSTAND WHAT IS HAPPENING. This is about two critical vulnerabilities: CVE-2025-55177 (incomplete authorization in the synchronization of devices
@gbuhnici
3 Oct 2025
18156 Impressions
26 Retweets
198 Likes
13 Bookmarks
25 Replies
7 Quotes
🕵♂WhatsApp: 0-Click RCE via malicious DNG • Researchers published a PoC that combines two vulnerabilities (CVE-2025-55177 and CVE-2025-43300), allowing remote execution without interaction on iOS/macOS/iPadOS. • The exploit is delivered via a malformed DNG file
@HackingTeam777
30 Sept 2025
9238 Impressions
51 Retweets
219 Likes
112 Bookmarks
2 Replies
2 Quotes
🚨 CVE-2025-55177 & CVE-2025-43300: WhatsApp 0-Click Crash CVE-2025-43300 GitHub: https://t.co/hmBnaQ0yxK https://t.co/Z69ge6FzNx
@DarkWebInformer
30 Sept 2025
8255 Impressions
24 Retweets
118 Likes
62 Bookmarks
1 Reply
0 Quotes
🌐 A critical vulnerability has been discovered in WhatsApp*, numbered CVE-2025-55177 🔐 This vulnerability allows the processing of content from an arbitrary URL to be started on the victim's device, which may lead to the execution of code
@RedaDopamine
30 Sept 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-55177: Zero-Click WhatsApp Exploit Leveraged in Targeted Spyware Attacks on Apple Devices https://t.co/HikzjWt2tN
@cyb_8ost
30 Sept 2025
7 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Zero-click RCE in WhatsApp: A malicious DNG image can exploit Apple devices (iOS/macOS/iPadOS) via CVE-2025-55177 & CVE-2025-43300. PoC shows a compromise on receipt with no user action. Patch ASAP; avoid unexpected media. #cybersecurity #WhatsApp https://t.co/kHZLjqtrRr
@AJTheTech
29 Sept 2025
165 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 The #WhatsApp Zero-Click Threat: Deconstructing #CVE-2025-55177 and the DNG Image Exploit https://t.co/HTshRGD67D Educational Purposes!
@UndercodeUpdate
29 Sept 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A 0-click vulnerability in WhatsApp on iOS/macOS/iPadOS is exploited via a malicious DNG file (CVE-2025-55177 & CVE-2025-43300) 🐞📸. A PoC from DarkNavyOrg researchers shows remote code execution without interaction; it may allow a takeover
@Infoandtech3
29 Sept 2025
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing. h
@minacrissDev_
29 Sept 2025
2208 Impressions
1 Retweet
27 Likes
13 Bookmarks
0 Replies
0 Quotes
🚨WhatsApp 0-Click Exploit Active • CVE-2025-55177 lets attackers hijack iOS/macOS with zero user action • Paired with Apple OS bug for deeper device access 📍Defend before it’s too late - https://t.co/VOBAjoGMfY 🔗https://t.co/a8LLhnuuat https://t.co/nYkSSrycQn
@DigitalWarCorp
29 Sept 2025
76 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
BREAKING: WhatsApp zero-click vuln (CVE-2025-55177 & CVE-2025-43300) exploited via malicious DNG files, enabling RCE on iOS/macOS/iPadOS. No user interaction needed! Patch now. Source: @The_Cyber_News https://t.co/osGMrTK9dw #CyberSec #WhatsApp
@meet_cipher
29 Sept 2025
1443 Impressions
0 Retweets
7 Likes
3 Bookmarks
0 Replies
1 Quote
Triggered WhatsApp 0-click on iOS/macOS/iPadOS CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing https:
@zeeshankghouri
29 Sept 2025
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The DarkNavy group announced the exploitation of a 0-click vulnerability in WhatsApp, linked to CVE-2025-55177 and CVE-2025-43300 through flaws in validation and DNG parsing. They are also investigating a CVE in Samsung (2025-21043). https://t.co/1MO3mN9Px7
@tpx_Security
29 Sept 2025
256 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing. h
@DarkNavyOrg
28 Sept 2025
73783 Impressions
138 Retweets
640 Likes
316 Bookmarks
6 Replies
12 Quotes
CVE-2025-55177: A WhatsApp vulnerability is being actively exploited. An unrelated user could force your app to process content from arbitrary URLs due to incorrect authorization in linked device sync. What to do now: Update iOS WhatsApp ≥ v2.25.21.73, WhatsApp Business ≥ v2.25.21.78
@NightfallCVE
25 Sept 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-55177 Meta Platforms WhatsApp contains an authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.
@ZeroDayFacts
22 Sept 2025
51 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-21043 was reported by WhatsApp in the same way as CVE-2025-55177, which affected Apple’s iPhone and was flagged last month. Samsung says it “was notified that an exploit for this issue has existed in the wild.” (Forbes)
@IsaacAsael96
14 Sept 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 APT ALERT 🍏🕵️♂️ • Mercenary spyware hitting Apple devices via zero-days (CVE-2025-43300, CVE-2025-55177) ⚡ • Targets: activists, journalists & government officials 🎯 • Action: Enable Lockdown Mode, check Apple alerts & patch ASAP 🔒 High
@Newtalics
13 Sept 2025
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔐 WhatsApp patched a critical vulnerability (CVE-2025-55177) exploited in zero-click spyware attacks. Only 200 accounts hit, but the threat was serious. Update your app now! https://t.co/wox21B3Bbn
@Thendcrack
12 Sept 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔒 WhatsApp patches a serious vulnerability (CVE-2025-55177) used in zero-click spyware attacks. Only 200 accounts affected, but the risk was real. Update now! https://t.co/gv9rtfuewf
@Thendcrack
12 Sept 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Samsung patches a critical remote code execution flaw (CVE-2025-21043) in Android and WhatsApp fixes a zero-click spyware exploit (CVE-2025-55177) impacting iOS and macOS devices. #SamsungUpdate #WhatsAppPatch #SouthKorea https://t.co/QbRVTikh04
@TweetThreatNews
12 Sept 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WhatsApp alert! Flaw CVE-2025-55177 allows data theft and malware 💻🔓. Protect your chats now ⚠️ https://t.co/tcOvNvBjwf #WhatsApp #Ciberseguridad
@sorkxx
9 Sept 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added the TP-Link (CVE-2020-24363) and WhatsApp (CVE-2025-55177) vulnerabilities to the KEV list. https://t.co/23WbbNkyMd #laykon #laykonbilisim #siberguvenlik #antivirus #verigüvenliği #narbulut #netwrix #logalarm #gaterzone #logtin #watchguard #bitdefender #transferchain ht
@LaykonBilisim
8 Sept 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🐺 Composite Vulnerability Report Meta Platforms WhatsApp CVE-2025-55177 1️⃣ Executive Preamble This is not just a bug report. It is a systemic warning: How incomplete authorization in WhatsApp’s linked-device sync exposes users to remote execution. Why attackers levera
@Lightorius
8 Sept 2025
11 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🚨 CISA warns: New zero-day in WhatsApp (CVE-2025-55177) under active exploitation! It affects device synchronization and can lead to data theft and malware. Security professionals, UPDATE NOW! Don't wait. 🛡️ https://t.co/fEroaDcq3a #WhatsApp #ZeroDay #CyberS
@fernandokarl
8 Sept 2025
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL THREATS - Sept 7 ⚠️ PATCH NOW: • WhatsApp CVE-2025-55177 • TP-Link CVE-2020-24363 • Git CVE-2025-48384 🦠 PromptLock AI ransomware 🕳️ 16B credentials leaked 🛡️ Update systems, enable MFA Deadline: Sept 23 #CyberSecurity #ThreatIntel https:
@404LabsX
7 Sept 2025
113 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL THREATS - Sept 7 ⚠️ PATCH NOW: • WhatsApp CVE-2025-55177 • TP-Link CVE-2020-24363 • Git CVE-2025-48384 🦠 PromptLock AI ransomware 🕳️ 16B credentials leaked 🛡️ Update systems, enable MFA Deadline: Sept 23 #CyberSecurity #ThreatIntel https:
@404LabsX
7 Sept 2025
99 Impressions
3 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-55177
@transilienceai
6 Sept 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 WhatsApp fixes a Zero-Click vulnerability in the versions for iOS and MacOS. The vulnerability CVE-2025-55177 (CVSS score: 5.4) lies in incorrect authorization of synchronization messages. According to researchers, the flaw made it possible to process data from an arbitrary URL address on someone else's device
@AlefSecurity
5 Sept 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-55177
@transilienceai
5 Sept 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
The WhatsApp vulnerability CVE-2025-55177 can be exploited to hack Mac and iOS users. It was exploited in conjunction with an Apple zero-day vulnerability, CVE-2025-43300. https://t.co/K1vCHns3x2 https://t.co/jeKO86ozMT
@ThoKich
4 Sept 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CISA warns of WhatsApp 0-Day exploited in attacks A critical flaw (CVE-2025-55177) in WhatsApp’s device sync was used in zero-click spyware attacks, combined with an Apple 0-day. Nearly 200 people targeted. Source: https://t.co/3rh492Fy53 #CyberSecurity #CISA #WhatsApp h
@KelltronS21753
4 Sept 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Do you use an iPhone or Mac? Update WhatsApp. The vulnerability CVE-2025-55177 is very active; it allows users to trigger the processing of content arbitrarily via a URL without interaction. https://t.co/wq3Qaz2TXW https://t.co/KUOcAaNrsL
@Javilamena
3 Sept 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️WhatsApp vulnerability on iOS and MacOS ❗CVE-2025-55177 ➡️More info: https://t.co/l6BarGdfVx https://t.co/OWh6xbWVMQ
@CERTpy
3 Sept 2025
137 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA adds critical vulnerabilities in WhatsApp (CVE-2025-55177) and TP-Link devices (CVE-2020-24363) to its Known Exploited Vulnerabilities catalog, highlighting risks to users and federal agencies. #US #TPLinkFlaws #WhatsAppRisks https://t.co/3iPrk5mIuL
@TweetThreatNews
3 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks Read more: https://t.co/FovDLF8lNs 1. 🚨 Urgent Advisory: CISA highlights a critical zero-day vulnerability in WhatsApp (CVE-2025-55177). 2. 🔐 Flaw Details: The issue falls under Incorrect Authorizati
@The_Cyber_News
3 Sept 2025
1410 Impressions
10 Retweets
25 Likes
6 Bookmarks
0 Replies
1 Quote
🚨 @CISACyber update: 2 new CVEs added to KEV Catalog — actively exploited! 🔵CVE-2020-24363 (@TPLINK TL-WA855RE) 🔵CVE-2025-55177 (@WhatsApp ) ⚠️ Attackers already abusing them. 💬 How quickly should orgs patch KEVs vs. other vulnerabilities? 👉 Stay updated, fo
@TechNadu
3 Sept 2025
108 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The US CISA has added a vulnerability whose exploitation it has confirmed (#KEV) to its catalog. 🛡️No.1408 CVE-2025-55177 Meta Platforms WhatsApp Incorrect Authorization Vulnerability ============= CVSS score: 5.4 (Base) / Facebook, Inc. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L
@piyokango
3 Sept 2025
303 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
WhatsApp has fixed a serious security flaw (CVE-2025-55177) in its iPhone and Mac apps, which was a 'zero-click' bug and, without any link being clicked, devices
@VisionPointPK
3 Sept 2025
76 Impressions
38 Retweets
40 Likes
0 Bookmarks
0 Replies
0 Quotes
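CISA adds two known vulnerabilities to its catalog. CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Sep 2) CVE-2020-24363 TP-link TL-WA855RE missing authentication for critical function vulnerability CVE-2025-55177 Meta Platforms WhatsApp incorrect authorization vulnerability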
@foxbook
3 Sept 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
"The flaw, tracked as CVE-2025-55177, allowed hackers to send malicious links capable of compromising a device and accessing private data — even without the victim clicking. Amnesty International described it as a “zero-click” attack, fraud scams https://t.co/bwALHAOJkh
@IdScreener
2 Sept 2025
164 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
1 Quote
WhatsApp released an urgent update to fix the vulnerability CVE-2025-55177 on iOS and macOS, used together with an Apple flaw to distribute spyware. It is recommended to update WhatsApp and the operating system immediately to protect privacy. https://t.co/F8As
@ZonaAppleWorld
2 Sept 2025
339 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD89DE9C-CE23-499F-8436-3DA8B2A2ECF4",
            "versionEndExcluding": "2.25.21.73",
            "versionStartIncluding": "2.22.25.2"
          },
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:macos:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA1A1B3A-90A5-4EA1-AC4B-715127CE9DE7",
            "versionEndExcluding": "2.25.21.78",
            "versionStartIncluding": "2.22.25.2"
          },
          {
            "criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:iphone_os:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5DE9273B-2DA9-4BCE-8840-CB0B63163646",
            "versionEndExcluding": "2.25.21.78",
            "versionStartIncluding": "2.22.25.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]