← Zuruck zu CVEs
CVE-2025-55177
MEDIUMCISA KEV5.4
Beschreibung
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
CVE Details
CVSS v3.1 Bewertung5.4
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht8/29/2025
Zuletzt geandert10/24/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerMeta Platforms
ProduktWhatsApp
SchwachstellennameMeta Platforms WhatsApp Incorrect Authorization Vulnerability
KEV Aufnahmedatum2025-09-02
Behebungsfrist2025-09-23
Ransomware-NutzungUnknown
Betroffene Produkte
whatsapp:whatsappwhatsapp:whatsapp_business
Schwachen (CWE)
CWE-863
Referenzen
https://www.facebook.com/security/advisories/cve-2025-55177(cve-assign@fb.com)
https://www.whatsapp.com/security/advisories/2025/(cve-assign@fb.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.