CVE-2025-55177: Meta Platforms WhatsApp Incorrect Authorization Vulnerability

CVE ID

CVE-2025-55177

Vulnerability Name

Meta Platforms WhatsApp Incorrect Authorization Vulnerability

• Project: Meta Platforms
• Product: WhatsApp

Date

• Date Added: 2025-09-02
• Due Date: 2025-09-23

Description

Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.whatsapp.com/security/advisories/2025/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-55177

Related Security News

• CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List