WhatsApp Security Advisories

2025 Updates

August Update

CVE-2025-55177

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.

Acknowledgements: Internal Researchers on the WhatsApp Security Team

April Update

CVE-2025-30401

A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.

Acknowledgements: External Researcher via Meta Bug Bounty submission

Funcții

Trimiteți mesaje în privat

Țineți legătura

Țineți legătura în grupuri

Exprimați-vă

Securizat prin design

Împărtășiți-vă viața de zi cu zi