—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Security Restriction Bypass Vulnerability in WhatsApp 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: MEDIUM

Software Affected

WhatsApp for iOS version prior to 2.25.23.73

WhatsApp Business for iOS version 2.25.23.82

WhatsApp for Mac version 2.25.23.83

Overview

A vulnerability has been reported in WhatsApp, which could allow an attacker to bypass security restriction on the targeted device

Target Audience:

End-users using affected version of WhatsApp.

Risk Assessment:

Risk of unauthorized access and sensitive information disclosure.

Impact Assessment:

Exploitation could allow disclosure of sensitive user information.

Description

WhatsApp is a widely used messaging application that enables users to send messages, voice notes, make calls, and share media over the internet with end-to-end encryption.

This vulnerability exists in WhatsApp due to incomplete validation of rich response messages. An attacker could exploit this flaw to trigger processing of content from an arbitrary URL on a victims device.

Solution

Apply appropriate updates as mentioned in:

https://www.whatsapp.com/security/advisories/2025

Vendor Information

 

https://www.whatsapp.com/security/advisories/2025

References

 

https://www.whatsapp.com/security/advisories/2025

CVE Name

CVE-2025-55179

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmkfHIAACgkQ3jCgcSdc

ys+PvRAAl+6MAfe5Nkxthr08RrIwELmHA1OASu9OOD84qN/uBv8CF3FIKpr4a4n5

iQE0TMyzY6J/3+tnRBis2ddBvPqpYbpAKRXYcmHVY2QBbkBrKRVeH20NViS9G7kP

jjS37UUTGSjC2llJ3d174RAQwaIFR7/ZgxdpD3KTz0BybjNQTBMHvUb+E1H+JgSo

mcD870niMRAivg6coShQYVcQFDto6kt3yiDYBfEW8pViMBlN0N4XtLk/NCItxbg4

iP4gZRyGI24LDhwcyek42E7rYIRsHiyk8c88rrL6D37Y7JL50wBctwFq6+vFnDYx

wgBO7V8y/9vhSpvR9pRSonE9g9MQNUa/6aM21QGm+NA5jbrQxt78wTF98OG+3X9E

FSZiuIczKUT7KB784Q0WKjfYoBn5kQNYB2tcU/zsmfN6hyZV0qZNmPGtkAs/GPqa

2JCOVYuCoN+ia6+wFxEvjBI5xST8zKul3PuF+vgfqLmb+MKXWGKDIPEEiq8LdgBZ

urbZyd75ywA0kWwAiTT/0fVq0LRFtPrhwartzjPMg/g8dH7q085M93NtJWT7MZiI

QzswcK+r9MMSxQD0ugOOqctyApwkIRczN6Py19J1uriDfzTnQ2ivw5qJIBPeEAgi

m9IKqencwf34ScGJ2tkHcHwl2KETZlzbwRXa4Mu/bu+l2VSoFAs=

=DUEX

—–END PGP SIGNATURE—–