—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Authorization Bypass vulnerability in WhatsApp 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

WhatsApp for iOS version prior to 2.25.21.73

WhatsApp Business for iOS version 2.25.21.78

WhatsApp for Mac version 2.25.21.78

Overview

A vulnerability has been reported in WhatsApp, which could allow an attacker to bypass authorization on the targeted device.

Target Audience: 

End-users using affected version of WhatsApp.

Risk Assessment:

Risk of unauthorized access and sensitive information disclosure.

Impact Assessment:

Exploitation could allow disclosure of sensitive user information.

Description

WhatsApp is a widely used messaging application that enables users to send messages, voice notes, make calls, and share media over the internet with end-to-end encryption.

This vulnerability exists in WhatsApp due to improper authorization handling in linked device synchronization messages. An attacker could exploit this flaw to trigger processing of content from an arbitrary URL on a victim’s device.

In some cases, this vulnerability has been observed in combination with an OS-level flaw in Apple platforms (CVE-2025-43300) and may have been exploited in sophisticated, targeted attacks.

Solution

Users are advised to update to the latest available versions of WhatsApp:

https://www.whatsapp.com/security/advisories/2025/

Vendor Information

WhatsApp

https://www.whatsapp.com/security/advisories/2025/

References

WhatsApp

https://www.whatsapp.com/security/advisories/2025/

CVE Name

CVE-2025-55177

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmi0TZQACgkQ3jCgcSdc

ys9Hng/+N96yV8NUPgtHBnsChH/FETsULy997Lsv0KVpp8gnOtgQkF2OobTr7YaM

3KGpBQM9q6lHazOx7mpycn9TscWXxMLvLYsLfCTYIM/vs3SVZCUz4G5cZBZnXeVz

JDVHR9Ijj62S+K5b4J4rCJP9Uc9t1D0iFYZCVTtxK93kzBvEzwRgi0euQeayDyGQ

NXN0YXhsu/JI2L9PtQ2Gm6+JJznXCAtLKbcQOeR3W220qUR+kR4EqbuW9Xy/CupH

VLqLcxlIf2zbpLJtHiaNptznOIFcImeLWUjTDGefuUke6a3d8VNQXofTXFQK6rYF

STAlhupOQ50Otd9SSqHypChCxlDPTSu11m5k5bZUTtcNeAt/PuHr/s5AVG24E6iR

rV4fhbQXn0Ycef6yH6KAYKIziYg7em6jA/VXs9JQkMeKTvFEdrMW3SNtuRKlPR8p

Gn1HAsZeDS0cKjHeLE9gjh43zAH1GSZzQpaGZBhaMhsRDUsA4BvdgRyO7a7tFmPu

9YQMf7sSLK7WoHwI8DtKgVCGp5vh/ELuwVIhwrjuRQw1JcD0YYcYPnK5rbxhKVJA

yzw+mbdzCG7M5uAj9nCBLHl9k9MqFLqj3VW4bCdKX/AuUJGNGlsRul9KN3/FJ228

QvRAYPX/3naX6KjYJWU/TFttFNg96c8Kr3tc5k6ZUwl8CaxC1/Y=

=QXbp

—–END PGP SIGNATURE—–