Remote Code Execution (RCE) on WhatsApp
Published: Aug 29, 2025
CVE-2025-55177 is a zero-click vulnerability in WhatsApp for iOS and macOS: an incomplete authorization check on linked-device synchronization messages that lets an unrelated sender make a target's device fetch and process content from an arbitrary URL. On its own it is an authorization bypass, not memory corruption; it was reportedly chained with an Apple ImageIO memory-corruption bug (CVE-2025-43300) to reach remote code execution.

Summary
Incomplete authorization vulnerability in WhatsApp for iOS, WhatsApp Business for iOS, and WhatsApp for Mac that could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.
- Impact
-> Bypass device synchronization security controls.
-> Enable remote code execution when chained with an OS-level vulnerability (here, an Apple ImageIO memory-corruption bug triggered by a malicious image).
-> Trigger processing of arbitrary content on a target’s device.
Exploitation
- The vulnerability stems from incomplete authorization of linked-device synchronization messages: the client did not sufficiently verify who was allowed to send such a message before acting on it. Affected versions are WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS prior to v2.25.21.78, and WhatsApp for Mac prior to v2.25.21.78.
- WhatsApp's multi-device architecture allows users to link secondary devices (such as desktops or tablets) to their primary account. To coordinate them, WhatsApp uses synchronization messages that carry metadata and content between the devices of one account.
- The vulnerability becomes significantly more dangerous when chained with other exploits.
- Security researchers believe CVE-2025-55177 was exploited in conjunction with CVE-2025-43300, an Apple ImageIO vulnerability that allowed memory corruption via malicious images.
- Using this flaw, an attacker with no legitimate relationship to the target (neither a contact nor a linked device) could cause the victim's device to fetch and process content from a URL the attacker controls, as though a legitimately linked device had requested it.
- Abusing this trusted device-to-device channel gives the attacker a delivery path for malicious content straight from their own infrastructure and, combined with a parser bug on the receiving end, an entry point for remote code execution.
- The advisory describes this as a sophisticated attack; few details about the exploitation have been shared publicly.
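The authorization gap described above, modeled as an added example (hypothetical Python, not WhatsApp's code or wire format): a sync-message handler that only checks the addressee beside a hardened one that also requires the sender to be a device linked to that account and to have authenticated the message with that device's key. The message fields, per-device keys, HMAC tagging, phone number, device IDs and URLs are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
import hashlib
import hmac


@dataclass
class SyncMessage:
    """A linked-device synchronization message (hypothetical format)."""
    account: str          # account the message is addressed to
    sender_device: str    # device ID the message claims to originate from
    content_url: str      # content the recipient is asked to fetch and process
    tag: bytes = b""      # MAC over the fields, keyed with the sending device's key


@dataclass
class Account:
    phone: str
    linked_devices: dict  # device_id -> per-device shared key (set when the device is linked)


class ContentProcessor:
    """Stands in for the media/content pipeline that would parse the fetched bytes."""

    def __init__(self):
        self.processed = []

    def process(self, url):
        # In the real chain, parsing a malicious image at this stage is where an
        # OS-level bug such as CVE-2025-43300 would be triggered.
        self.processed.append(url)


def _sync_mac(key, msg):
    data = f"{msg.account}|{msg.sender_device}|{msg.content_url}".encode()
    return hmac.new(key, data, hashlib.sha256).digest()


def sign_sync(account, device_id, msg):
    """Tag a message with the key of one of the account's linked devices."""
    msg.tag = _sync_mac(account.linked_devices[device_id], msg)
    return msg


def handle_sync_vulnerable(account, msg, processor):
    """Incomplete authorization: checks only the addressee, never the sender."""
    if msg.account != account.phone:
        return False
    processor.process(msg.content_url)   # any sender can make the device fetch a URL
    return True


def handle_sync_hardened(account, msg, processor):
    """Complete authorization: sender must be a linked device and must prove it."""
    if msg.account != account.phone:
        return False
    key = account.linked_devices.get(msg.sender_device)
    if key is None:
        return False   # sender is not one of this account's linked devices
    if not hmac.compare_digest(_sync_mac(key, msg), msg.tag):
        return False   # claimed device did not actually authenticate this message
    processor.process(msg.content_url)
    return True


def run_demo():
    """Constructed scenario: one linked desktop, one unrelated attacker device."""
    victim = Account("+15550001111", {"desktop-1": b"k" * 32})
    attacker_msg = SyncMessage(victim.phone, "attacker-dev",
                               "https://attacker.example/payload.img")
    legit_msg = sign_sync(victim, "desktop-1",
                          SyncMessage(victim.phone, "desktop-1",
                                      "https://media.example/photo.jpg"))
    # Right device ID, but the attacker has no key for it, so no valid tag.
    forged_msg = SyncMessage(victim.phone, "desktop-1",
                             "https://attacker.example/payload.img")

    vuln_proc, hard_proc = ContentProcessor(), ContentProcessor()
    results = {
        "vulnerable_accepts_attacker": handle_sync_vulnerable(victim, attacker_msg, vuln_proc),
        "hardened_accepts_attacker": handle_sync_hardened(victim, attacker_msg, hard_proc),
        "hardened_accepts_linked": handle_sync_hardened(victim, legit_msg, hard_proc),
        "hardened_rejects_forged_device_id": handle_sync_hardened(victim, forged_msg, hard_proc),
    }
    results["urls_processed_by_hardened"] = list(hard_proc.processed)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The point of the hardened handler is that "is this message for me?" is not an authorization check; the recipient must bind the message to a specific device it previously linked, and that binding has to be cryptographically verified rather than read from a field the sender controls.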
Mitigation and Remediation
- Immediate Actions Required:
- Update WhatsApp for iOS to version 2.25.21.73 or later.
- Update WhatsApp Business for iOS to version 2.25.21.78 or later.
- Update WhatsApp for Mac to version 2.25.21.78 or later.
- Apply Apple’s security updates addressing CVE-2025-43300.
- Additional Security Measures:
- Review the devices linked to the account (Settings > Linked Devices) and unlink any that are unrecognized or no longer needed.