CVE-2025-55179

Published: Nov 18, 2025Modified: Nov 25, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: cve-assign@fb.com (Secondary)

Description

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.

Affected (3)

Products: Whatsapp: Whatsapp, Whatsapp Business

2 products

Whatsapp Business

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Whatsapp Whatsapp	From 2.25.8.17 to 2.25.23.73
Whatsapp Whatsapp	From 2.25.8.14 to 2.25.23.83
Whatsapp Whatsapp Business	From 2.25.8.14 to 2.25.23.82

References (2)

https://www.facebook.com/security/advisories/cve-2025-55179

Source: cve-assign@fb.com

Vendor Advisory

https://www.whatsapp.com/security/advisories/2025/

Source: cve-assign@fb.com

Vendor Advisory

Timeline

No history available yet.