CVE-2025-55177

CVE-2025-55177 Meta Platforms WhatsApp contains an authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.

CVE-2025-21043 was reported by WhatsApp in the same way as CVE-2025-55177, which affected Apple’s iPhone and was flagged last month. Samsung says it “was notified that an exploit for this issue has existed in the wild.” (Forbes)

🚨 APT ALERT 🍏🕵️‍♂️ • Mercenary spyware hitting Apple devices via zero-days (CVE-2025-43300, CVE-2025-55177) ⚡ • Targets: activists, journalists & government officials 🎯 • Action: Enable Lockdown Mode, check Apple alerts & patch ASAP 🔒 High

🔐 WhatsApp patched a critical vulnerability (CVE-2025-55177) exploited in zero-click spyware attacks. Only 200 accounts hit, but the threat was serious. Update your app now! https://t.co/wox21B3Bbn

🔒 WhatsApp parchea una grave vulnerabilidad (CVE-2025-55177) usada en ataques de spyware sin clic. Solo 200 cuentas afectadas, pero el riesgo era real. ¡Actualiza ya! https://t.co/gv9rtfuewf

Samsung patches a critical remote code execution flaw (CVE-2025-21043) in Android and WhatsApp fixes a zero-click spyware exploit (CVE-2025-55177) impacting iOS and macOS devices. #SamsungUpdate #WhatsAppPatch #SouthKorea https://t.co/QbRVTikh04

🚨 ¡Alerta en WhatsApp! Fallo CVE-2025-55177 permite robo de datos y malware 💻🔓. Protege tus chats ya ⚠️ https://t.co/tcOvNvBjwf #WhatsApp #Ciberseguridad

CISA, TP-Link (CVE-2020-24363) ve WhatsApp (CVE-2025-55177) açıklarını KEV listesine ekledi. https://t.co/23WbbNkyMd #laykon #laykonbilisim #siberguvenlik #antivirus #verigüvenliği #narbulut #netwrix #logalarm #gaterzone #logtin #watchguard #bitdefender #transferchain ht

🐺 Composite Vulnerability Report Meta Platforms WhatsApp CVE-2025-55177 1️⃣ Executive Preamble This is not just a bug report. It is a systemic warning: How incomplete authorization in WhatsApp’s linked-device sync exposes users to remote execution. Why attackers levera

🚨 CISA alerta: Nova zero-day no WhatsApp (CVE-2025-55177) em exploração ativa! Afeta sincronização de dispositivos e pode levar a roubo de dados e malware. Profissionais de segurança, ATUALIZEM JÁ! Não espere. 🛡️ https://t.co/fEroaDcq3a #WhatsApp #ZeroDay #CyberS

🚨 CRITICAL THREATS - Sept 7 ⚠️ PATCH NOW: • WhatsApp CVE-2025-55177 • TP-Link CVE-2020-24363 • Git CVE-2025-48384 🦠 PromptLock AI ransomware 🕳️ 16B credentials leaked 🛡️ Update systems, enable MFA Deadline: Sept 23 #CyberSecurity #ThreatIntel https:

🚨 CRITICAL THREATS - Sept 7 ⚠️ PATCH NOW: • WhatsApp CVE-2025-55177 • TP-Link CVE-2020-24363 • Git CVE-2025-48384 🦠 PromptLock AI ransomware 🕳️ 16B credentials leaked 🛡️ Update systems, enable MFA Deadline: Sept 23 #CyberSecurity #ThreatIntel https:

Actively exploited CVE : CVE-2025-55177

🚨 WhatsApp opravuje Zero-Click zranitelnost ve verzích pro iOS a MacOS. Zranitelnost CVE-2025-55177 (CVSS score: 5.4) spočívá ve špatné autorizaci synchronizačních zpráv. Podle výzkumníků chyba umožňovala zpracovat data z libovolné URL adresy na cizím zaříze

Actively exploited CVE : CVE-2025-55177

Die WhatsApp-Sicherheitslücke CVE-2025-55177 kann zum Hacken von Mac- und iOS-Benutzern ausgenutzt werden. Diese wurde in Verbindung mit einer Zero-Day-Sicherheitslücke CVE-2025-43300 von Apple ausgenutzt. https://t.co/K1vCHns3x2 https://t.co/jeKO86ozMT

🚨 CISA warns of WhatsApp 0-Day exploited in attacks A critical flaw (CVE-2025-55177) in WhatsApp’s device sync was used in zero-click spyware attacks, combined with an Apple 0-day. Nearly 200 people targeted. Source: https://t.co/3rh492Fy53 #CyberSecurity #CISA #WhatsApp h

¿Usas iPhone o Mac? Actualiza Whats APP. La vulnerabilidad CVE-2025-55177 se encuentra muy activa; esta permite a los usuarios ejecutar el procesamiento de contenido de forma arbitraria por medio de una URL sin interacción. https://t.co/wq3Qaz2TXW https://t.co/KUOcAaNrsL

⚠️Vulnerabilidad de WhatsApp en iOS y MacOS ❗CVE-2025-55177 ➡️Más info: https://t.co/l6BarGdfVx https://t.co/OWh6xbWVMQ

CISA adds critical vulnerabilities in WhatsApp (CVE-2025-55177) and TP-Link devices (CVE-2020-24363) to its Known Exploited Vulnerabilities catalog, highlighting risks to users and federal agencies. #US #TPLinkFlaws #WhatsAppRisks https://t.co/3iPrk5mIuL

⚠️ CISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks Read more: https://t.co/FovDLF8lNs 1. 🚨 Urgent Advisory: CISA highlights a critical zero-day vulnerability in WhatsApp (CVE-2025-55177). 2. 🔐 Flaw Details: The issue falls under Incorrect Authorizati

🚨 @CISACyber update: 2 new CVEs added to KEV Catalog — actively exploited! 🔵CVE-2020-24363 (@TPLINK TL-WA855RE) 🔵CVE-2025-55177 (@WhatsApp ) ⚠️ Attackers already abusing them. 💬 How quickly should orgs patch KEVs vs. other vulnerabilities? 👉 Stay updated, fo

米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。 🛡️No.1408 CVE-2025-55177 Meta Platforms WhatsApp Incorrect Authorization Vulnerability ============= CVSSスコア：5.4 (Base) / Facebook, Inc. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L

واٹس ایپ نے اپنی آئی فون اور میک ایپس میں موجود سنگین سیکیورٹی خامی (CVE-2025-55177) کو درست کر دیا ہے، جو ’زیرو کلک‘ بگ تھی اور بغیر کسی لنک پر کلک کیے ڈیوائسز ہی

CISAが2つの既知の脆弱性をカタログに追加 CISA Adds Two Known Exploited Vulnerabilities to Catalog #CISA (Sep 2) CVE-2020-24363 TP-link TL-WA855RE の重要な機能の認証が欠落している脆弱性 CVE-2025-55177 Meta Platforms WhatsApp 不正認証脆

"The flaw, tracked as CVE-2025-55177, allowed hackers to send malicious links capable of compromising a device and accessing private data — even without the victim clicking. Amnesty International described it as a “zero-click” attack, fraud scams https://t.co/bwALHAOJkh

WhatsApp lanzó una actualización urgente para corregir la vulnerabilidad CVE-2025-55177 en iOS y macOS, usada junto a una falla de Apple para distribuir spyware. Se recomienda actualizar de inmediato WhatsApp y el sistema operativo para proteger la privacidad. https://t.co/F8As

WhatsApp (CVE-2025-55177) and Apple (CVE-2025-43300) have patched zero-day flaws that could be chained to deliver targeted spyware. Both firms warn the vulnerabilities were likely used against specific individuals. https://t.co/b4YJFKWzq3 #CyberSecurity

تم اكتشاف ثغرة أمنية بالغة الخطورة في تطبيق واتساب على أجهزة آبل، والتي كانت تُمكّن المهاجمين من زرع برامج تجسس على أجهزة المستخدمين دون الحاجة إلى أي إج

🛡️ We added TP-link TL-WA855RE and Meta Platforms WhatsApp vulnerabilities CVE-2020-24363 & CVE-2025-55177 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dlW52Mc5jG & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec

WhatsApp patched a zero-day vulnerability (CVE-2025-55177) linked to incomplete device authorization. Paired with an Apple OS flaw (CVE-2025-43300), it enabled highly targeted attacks. #WhatsAppFlaw #AppleZeroDay #NSOGroup https://t.co/uKP5R6AwcK

Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-55177 Meta Platforms #WhatsApp Incorrect Authorization Vulnerability https://t.co/NNubkmISCW

📱 WhatsApp 0-Day exposes iOS and macOS users 🔍 The critical vulnerability CVE-2025-55177 has been identified in WhatsApp for Apple, exploited in targeted attacks that chain with operating system flaws to compromise devices and steal data. https://t.co/cvfuzPOKPd

📱 WhatsApp 0-Day expone a usuarios de iOS y macOS 🔍 Se ha identificado la vulnerabilidad crítica CVE-2025-55177 en WhatsApp para Apple, explotada en ataques dirigidos que combinan fallas en el sistema operativo para comprometer dispositivos y robar datos. https://t.co/ybz1

WhatsApp Zero-Day Exploited in Attacks Targeting Apple Users - (CVE-2025-55177) - https://t.co/km2B73jrku

WhatsApp'ta ortaya çıkan CVE-2025-55177 kodlu güvenlik açığı, özellikle iPhone kullanıcılarını hedef alan "sıfır tıklama" siber saldırılarına karşı savunmasız bıraktı. Son 90 gündeki saldırılar, kişisel verileri riske attı. WhatsApp açığı kapatt

#Klantervaring #iOS #macOS WhatsApp verhielp een ernstige kwetsbaarheid die misbruikt werd in een reeks aanvallen waarbij slachtoffers geen enkele actie hoefden te ondernemen.  Het lek, bekend als CVE-2025-55177, zat in het synchronisatieproces van… https://t.co/xAg25J9uJ5

#واتساب وآبل نزلوا تحديث طارئ بعد اكتشاف ثغرة خطيرة (CVE-2025-55177) في واتساب على iOS وMac تسمح للهاكرز يخفون روابط تجسس داخل رسائل عادية، ومع ثغرة ثانية في آبل (CVE-20

WhatsApp just patched a very fun zero-click bug (CVE-2025-55177)! WhatsApp assesses that it was used partially in conjunction with the iOS RawCamera DNG vulnerability (CVE-2025-43300) https://t.co/DhYT67H2kp

أصلحت واتساب ثغرة أمنية خطيرة (CVE-2025-55177) استُغلت في هجمات تجسسية متقدمة على هواتف آيفون. الثغرة مكّنت المهاجمين من تنفيذ تعليمات ضارة عن بعد، واستهدفت صحف

🚨BREAKING: WhatsApp patched a critical 0-day (CVE-2025-55177) targeting iOS & macOS users. ⚠️Zero-click spyware exploited in live attacks ⚠️Could steal files, comms, tokens & more ⚠️Meta urges all users to update immediately Details: https://t.co/ammbnLDA

🍎WhatsApp, iOS ve Mac uygulamalarındaki bir güvenlik açığını (CVE-2025-55177) düzeltti. Bu açık, hedeflenmiş kullanıcıların Apple cihazlarına gizlice casus yazılım yüklemek için kullanılıyordu.🧵1/4

WhatsApp patched critical zero-day CVE-2025-55177 linked to device sync messages, exploited with Apple OS flaw in spyware attacks by groups like NSO. Highlights rising risks in targeted cyber espionage. #WhatsAppFlaw #NSOGroup #AppleOS https://t.co/dNzLBy8mwO

WhatsApp corrige falha zero-click CVE-2025-55177 no iOS e macOS; atualize já. Veja versões afetadas, relação com bug da Apple e como se proteger. Vale a pena discutir? Comente/compartilhe. #WhatsApp https://t.co/kD1EJzMoah

🚨 WhatsApp Zero-Click Flaw Patched A bug (CVE-2025-55177) allowed attackers to trigger content from malicious URLs on iOS/macOS without user interaction. Combined with an Apple OS vulnerability, it risked device compromise. Fewer than 200 users affected. Update WhatsApp http

WhatsApp、Appleユーザーへのスパイウェア配布目的で悪用されたゼロクリックの脆弱性を修正：CVE-2025-55177 | Codebook｜Security News https://t.co/h6uhOKwX1z

Zero-click hack on WhatsApp is going on! 😱 iPhones & Macs at risk—no tap, no click, just hacked. Apple fam: UPDATE NOW or risk losing it all. zero-click bug (CVE-2025-55177) was chained with an Apple flaw (CVE-2025-43300), enabling data theft without interaction. @grok

CVE-2025-55177: WhatsApp Patches Zero-Day Flaw Used in Targeted Spyware Attacks https://t.co/fEdjQpSERY

🛑 Avis aux utilisateurs de WhatsApp 👉 Une faille de sécurité Zero-Click, déjà exploitée comme Zero Day, a été patchée dans les applications WhatsApp pour iOS et macOS : CVE-2025-55177. 🧷 + d'infos : https://t.co/RjI3Tw1mSE #iOS #macOS #WhatsApp #infosec https:

⚠️WhatsApp、Appleユーザーへのスパイウェア配布目的で悪用されたゼロクリックの脆弱性を修正：CVE-2025-55177 〜サイバーセキュリティ週末の話題〜 https://t.co/NVWhJFpM3W #セキュリティ #インテリジェンス #OSINT