CVE-2025-55177Meta Platforms WhatsApp Incorrect Authorization Vulnerability

PUBLISHEDvulnerability record
2025-09-02 · last modified September 2, 2025

Metadata

CVE ID:
CVE-2025-55177
Project:
Meta Platforms
Product:
WhatsApp
Date Added:
2025-09-02
Due Date:
2025-09-23
Last Updated:
September 2, 2025

Vulnerability Name

Meta Platforms WhatsApp Incorrect Authorization Vulnerability

Description

Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles

Related Weaknesses