Refine your search
4 vulnerabilities found for WhatsApp Desktop for Mac by Facebook
CVE-2025-55179 (GCVE-0-2025-55179)
Vulnerability from nvd
Published
2025-11-18 13:56
Modified
2025-11-18 14:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization (CWE-863)
Summary
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for iOS |
Version: 2.25.8.14 ≤ |
|||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:22:05.852548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:25:08.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.82",
"status": "affected",
"version": "2.25.8.14",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.73",
"status": "affected",
"version": "2.25.8.17",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.83",
"status": "affected",
"version": "2.25.8.14",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device. We have not seen evidence of exploitation in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization (CWE-863)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T13:56:31.598Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "Meta"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "Meta",
"cveId": "CVE-2025-55179",
"datePublished": "2025-11-18T13:56:31.598Z",
"dateReserved": "2025-08-08T18:21:47.119Z",
"dateUpdated": "2025-11-18T14:25:08.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55177 (GCVE-0-2025-55177)
Vulnerability from nvd
Published
2025-08-29 15:50
Modified
2025-10-21 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization (CWE-863)
Summary
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Desktop for Mac |
Version: 2.22.25.2 ≤ |
|||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55177",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-30T03:55:35.684164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-02",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:20.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-02T00:00:00+00:00",
"value": "CVE-2025-55177 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.78",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.78",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.73",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization (CWE-863)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-30T16:54:33.495Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-55177",
"datePublished": "2025-08-29T15:50:28.578Z",
"dateReserved": "2025-08-08T18:21:47.118Z",
"dateUpdated": "2025-10-21T22:45:20.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55179 (GCVE-0-2025-55179)
Vulnerability from cvelistv5
Published
2025-11-18 13:56
Modified
2025-11-18 14:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization (CWE-863)
Summary
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Business for iOS |
Version: 2.25.8.14 ≤ |
|||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T14:22:05.852548Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T14:25:08.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.82",
"status": "affected",
"version": "2.25.8.14",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.73",
"status": "affected",
"version": "2.25.8.17",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.23.83",
"status": "affected",
"version": "2.25.8.14",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device. We have not seen evidence of exploitation in the wild."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization (CWE-863)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T13:56:31.598Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "Meta"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "Meta",
"cveId": "CVE-2025-55179",
"datePublished": "2025-11-18T13:56:31.598Z",
"dateReserved": "2025-08-08T18:21:47.119Z",
"dateUpdated": "2025-11-18T14:25:08.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55177 (GCVE-0-2025-55177)
Vulnerability from cvelistv5
Published
2025-08-29 15:50
Modified
2025-10-21 22:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Incorrect Authorization (CWE-863)
Summary
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WhatsApp Desktop for Mac |
Version: 2.22.25.2 ≤ |
|||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55177",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-30T03:55:35.684164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-02",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:45:20.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-02T00:00:00+00:00",
"value": "CVE-2025-55177 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WhatsApp Desktop for Mac",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.78",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp Business for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.78",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WhatsApp for iOS",
"vendor": "Facebook",
"versions": [
{
"lessThan": "2.25.21.73",
"status": "affected",
"version": "2.22.25.2",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Authorization (CWE-863)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-30T16:54:33.495Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.whatsapp.com/security/advisories/2025/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-55177",
"datePublished": "2025-08-29T15:50:28.578Z",
"dateReserved": "2025-08-08T18:21:47.118Z",
"dateUpdated": "2025-10-21T22:45:20.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}