← Voltar para CVEs
CVE-2025-55177
MEDIUMCISA KEV5.4
Descricao
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Detalhes CVE
Pontuacao CVSS v3.15.4
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado8/29/2025
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorMeta Platforms
ProdutoWhatsApp
Nome da vulnerabilidadeMeta Platforms WhatsApp Incorrect Authorization Vulnerability
Data inclusao KEV2025-09-02
Prazo de remediacao2025-09-23
Uso em ransomwareUnknown
Produtos afetados
whatsapp:whatsappwhatsapp:whatsapp_business
Fraquezas (CWE)
CWE-863
Referencias
https://www.facebook.com/security/advisories/cve-2025-55177(cve-assign@fb.com)
https://www.whatsapp.com/security/advisories/2025/(cve-assign@fb.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.