🟢 CVE-2025-55177

CVE-2025-55177 affects WhatsApp client applications on iOS and macOS, allowing unauthorized processing of content from arbitrary URLs through crafted synchronization messages. While it has a network attack vector and evidence of active exploitation, it targets client applications rather than internet-facing servers.

Risk Level: LOW_RISK
CVSS Score: 5.4
Attack Vector: NETWORK
ATT&CK Tactic: Execution
ATT&CK Technique: T1203 — Exploitation for Client Execution
Deployment Risk: VERY_LOW
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2025-08-29

Added to CISA KEV: 2025-09-02 (4 days between CVE publication and KEV addition)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

CVE-2025-55177 is a vulnerability that primarily affects WhatsApp on iOS and macOS devices [1]. Here's what is known about its exploitation:

  • Affected Applications/Services: The vulnerability affects WhatsApp for iOS (prior to version 2.25.21.73), WhatsApp Business for iOS, and WhatsApp for Mac (prior to version 2.25.21.78) [2].
  • Active Exploitation: There is evidence of active exploitation of CVE-2025-55177 in the wild [3][4].
  • Attack Vectors/Exploitation Methods:
    * It is a zero-click exploit, meaning it can be exploited without any user interaction [1][5].
    * The vulnerability involves insufficient authorization of linked device synchronization messages [6][5].
    * Attackers can exploit memory corruption flaws to potentially crash processes or execute their own code [7].
    * The vulnerability allows unauthorized processing of remote content on a victim's device via crafted synchronization messages [2].
  • Targeted Attacks: CVE-2025-55177 has likely been used in sophisticated, targeted attacks [8][9]. These attacks are suspected to be spyware-related and to have targeted specific users [8][5].
  • CISA KEV Status: CISA has added CVE-2025-55177 to its Known Exploited Vulnerabilities Catalog, requiring mitigation by September 23, 2025 [10]. This addition is based on evidence of active exploitation [3][4] and because it is a frequent attack vector for malicious actors [3].
  • Technical Details/Internet Exploitability:
    * The vulnerability's CVSS score is reported as 5.4 [5][11] and as 8.0 [5].
    * Exploitability depends on attack complexity and required privileges [12].
    * It has been exploited in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300) [8][5].

Sources

  1. CVE-2025-55177: Vulnerability in WhatsApp iOS & macOS ...

    Explore details for CVE-2025-55177, a zero-day vulnerability in WhatsApp iOS and macOS messaging clients, with insights on the SOC Prime ...

  2. WhatsApp vulnerability exploited in targeted zero-click attacks

    CVE-2025-55177 allows unauthorized processing of remote content on a victim's device via crafted synchronization messages. It impacts WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS, and WhatsApp for Mac prior to version 2.25.21.78.

  3. WhatsApp Flaw Added to CISA’s Known Exploited Vulnerabilities...

    These were added due to evidence of active exploitation and are frequent attack vectors for malicious actors. CISA believes these flaws present ...

  4. Known Exploited Vulnerabilities Catalog - CISA

    ... vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

  5. WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS ...

    The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages.