🔐 CVE Alert

CVE-2025-55177

MEDIUM 5.4 ⚠️ CISA KEV
CVSS Score 5.4
EPSS Score 0.0%
EPSS Percentile 0th

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.

Vendor facebook
Product whatsapp desktop for mac
Published Aug 29, 2025
Last Updated Feb 26, 2026
⚠️ Actively Exploited

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
Attack Vector Network (AV:N)
Attack Complexity Low (AC:L)
Privileges Required Low (PR:L)
User Interaction None (UI:N)
Scope Unchanged (S:U)
Confidentiality Low (C:L)
Integrity Low (I:L)
Availability None (A:N)

Affected Versions

Facebook / WhatsApp Desktop for Mac
2.22.25.2 < 2.25.21.78
Facebook / WhatsApp Business for iOS
2.22.25.2 < 2.25.21.78
Facebook / WhatsApp for iOS
2.22.25.2 < 2.25.21.73

References

facebook.com: https://www.facebook.com/security/advisories/cve-2025-55177
whatsapp.com: https://www.whatsapp.com/security/advisories/2025/
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177