[CIVN-2025-0200] Authorization Bypass vulnerability in WhatsApp
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
WhatsApp for iOS versions prior to 2.25.21.73
WhatsApp Business for iOS version 2.25.21.78
WhatsApp for Mac version 2.25.21.78
Overview
A vulnerability has been reported in WhatsApp, which could allow an attacker to bypass authorization on the targeted device.
Target Audience:
End users using affected versions of WhatsApp.
Risk Assessment:
Risk of unauthorized access and sensitive information disclosure.
Impact Assessment:
Exploitation could allow disclosure of sensitive user information.
Description
WhatsApp is a widely used messaging application that enables users to send messages, voice notes, make calls, and share media over the internet with end-to-end encryption.
This vulnerability exists in WhatsApp due to improper authorization handling in linked device synchronization messages. An attacker could exploit this flaw to trigger processing of content from an arbitrary URL on a victim’s device.
In some cases, this vulnerability has been observed in combination with an OS-level flaw in Apple platforms (CVE-2025-43300) and may have been exploited in sophisticated, targeted attacks.
Solution
Users are advised to update to the latest available versions of WhatsApp:
https://www.whatsapp.com/security/advisories/2025/
Vendor Information
WhatsApp
https://www.whatsapp.com/security/advisories/2025/
References
WhatsApp
https://www.whatsapp.com/security/advisories/2025/
CVE Name
CVE-2025-55177
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003