CVE-2025-55179

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another users device. We have not seen evidence of exploitation in the wild.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
MetaCNA
5.4 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
whatsappwhatsapp
2.25.8.14 ≤
𝑥
< 2.25.23.83
𝑥
= Vulnerable software versions
References
https://www.facebook.com/security/advisories/cve-2025-55179
https://www.whatsapp.com/security/advisories/2025/