CVE-2025-55177

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-55177

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55177.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-55177

Published

2025-08-29T16:15:36.723Z

Modified

2026-03-15T22:51:13.690542Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55177.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "2.22.25.2"
            },
            {
                "fixed": "2.25.21.73"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2.22.25.2"
            },
            {
                "fixed": "2.25.21.78"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "2.22.25.2"
            },
            {
                "fixed": "2.25.21.78"
            }
        ]
    }
]