CVE-2025-55177 - Meta Platforms WhatsApp Incorrect Authorization Vulnerability

Vulnerability Name

Meta Platforms WhatsApp Incorrect Authorization Vulnerability

Description

Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.whatsapp.com/security/advisories/2025/

https://nvd.nist.gov/vuln/detail/CVE-2025-55177

Related News Articles

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware AttackSeptember 16, 2025

Apple backports zero-day patches to older iPhones and iPadsSeptember 16, 2025

Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR ConfirmsSeptember 12, 2025

Samsung patches actively exploited zero-day reported by WhatsAppSeptember 12, 2025

Apple warns customers targeted in recent spyware attacksSeptember 12, 2025