Zero-Day Vulnerability in WhatsApp for iOS and macOS Patched

Date: 1 week ago

The messenger’s developers have fixed a 0-day vulnerability in the iOS and macOS versions. According to the company, the new issue, along with a recently disclosed Apple bug, may have been used in “sophisticated attacks targeting specific users.”

The vulnerability has been assigned the identifier CVE-2025-55177 and a CVSS score of 8. The issue is related to insufficient authorization of linked-device synchronization messages. The vulnerability was discovered by researchers from WhatsApp’s internal security team.

The company explained that the issue “allowed a third party to initiate processing of content from an arbitrary URL on the victim’s device.”

The issue affects the following versions:

  • WhatsApp for iOS versions prior to 2.25.21.73 (fixed on July 28, 2025);
  • WhatsApp Business for iOS version 2.25.21.78 (fixed on August 4, 2025);
  • WhatsApp for Mac version 2.25.21.78 (fixed on August 4, 2025).

Developers believe that the vulnerability may have been used in conjunction with the 0-day vulnerability CVE-2025-43300. This issue, which Apple fixed in mid-August 2025, affected iOS, iPadOS, and macOS. The bug was found in the Image I/O framework, which allows applications to read and write images in most formats.

Apple reported that this zero-click issue was used as part of sophisticated targeted attacks against individual users.

Experts at Amnesty International report that WhatsApp representatives have already notified around 200 people that in the past 90 days they may have been targets of a sophisticated cyberespionage campaign using CVE-2025-55177.

In the notification sent to affected users, the developers recommended performing a full factory reset of the device and then keeping the OS and the WhatsApp app up to date for optimal protection.

At present, it has not been disclosed who exactly may have been behind this espionage campaign.
