WhatsApp vulnerability actively exploited in targeted spyware campaign
Take action: Update your WhatsApp on your computer and your phone NOW. Even if you are not immediately targeted, the flaw is now public and more attackers will try to exploit it. So don't be lazy, the update is trivial. If you've been notified by WhatsApp that you were directly targeted, wipe and factory reset the phone.
Learn More
WhatsApp has patched a zero-day vulnerability that is actively exploited in sophisticated targeted attacks against iOS and macOS users.
The vulnerability, tracked as CVE-2025-55177 (CVSS score 8), is a zero-click arbitrary URL processing flaw caused by incomplete authorization of linked device synchronization messages within WhatsApp's iOS and macOS applications.
The flaw enabled malicious actors to force WhatsApp into processing content from arbitrary URLs directly on targeted devices without any victim interaction. Victims did not need to open messages or click links for the attack to succeed.
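To make the "incomplete authorization" point concrete, here is an added illustrative model (not WhatsApp code, and not derived from the actual protocol) of a sync-message handler with and without a proper origin check. It assumes a hypothetical design in which an account keeps a set of linked device IDs with a per-device key, and each sync message carries a claimed device ID, a URL to process, and a MAC over that URL. The weak handler acts on the claimed device ID alone, so anyone can make the client process a URL; the hardened handler only processes the URL after verifying the message really came from a registered linked device.

```python
"""Illustrative model of linked-device sync message authorization.

Added example, not WhatsApp's code. The account/device/MAC structure below is
a hypothetical design used only to show why an incomplete authorization check
on sync messages lets a remote party trigger URL processing with no victim
interaction.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class SyncMessage:
    claimed_device_id: str  # asserted by the sender, not yet trusted
    url: str                # content the receiving client is asked to process
    mac: bytes              # HMAC over the URL under the device's key


class Account:
    """Holds the registered linked devices and their per-device keys (hypothetical)."""

    def __init__(self) -> None:
        self.linked_devices: Dict[str, bytes] = {}

    def link_device(self, device_id: str, key: bytes) -> None:
        self.linked_devices[device_id] = key

    def make_sync(self, device_id: str, url: str) -> SyncMessage:
        """A genuine linked device signs the URL with its registered key."""
        key = self.linked_devices[device_id]
        return SyncMessage(device_id, url, hmac.new(key, url.encode(), hashlib.sha256).digest())


def handle_sync_incomplete(account: Account, msg: SyncMessage,
                           fetch: Callable[[str], str]) -> Optional[str]:
    """Weak handler: trusts the claimed device ID and never checks the MAC."""
    if msg.claimed_device_id:
        return fetch(msg.url)
    return None


def handle_sync_authorized(account: Account, msg: SyncMessage,
                           fetch: Callable[[str], str]) -> Optional[str]:
    """Hardened handler: only a registered device with a valid MAC may trigger processing."""
    key = account.linked_devices.get(msg.claimed_device_id)
    if key is None:
        return None  # unknown device: drop silently
    expected = hmac.new(key, msg.url.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg.mac):
        return None  # forged or tampered message
    return fetch(msg.url)


def demo() -> Dict[str, Optional[str]]:
    """Run both handlers against a forged message and a genuine one (constructed inputs)."""
    fetched: List[str] = []

    def fetch(url: str) -> str:
        fetched.append(url)  # stand-in for fetching/rendering; no network access
        return url

    account = Account()
    account.link_device("laptop-1", b"constructed-device-key")

    # Attacker-controlled message: claims a device ID that was never linked.
    forged = SyncMessage("evil-device", "https://example.invalid/payload", b"\x00" * 32)
    # Legitimate message from the registered linked device.
    genuine = account.make_sync("laptop-1", "https://example.invalid/sync")

    return {
        "weak_forged": handle_sync_incomplete(account, forged, fetch),
        "hardened_forged": handle_sync_authorized(account, forged, fetch),
        "hardened_genuine": handle_sync_authorized(account, genuine, fetch),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is that the weak handler's result for the forged message is a processed URL, exactly the zero-click outcome the advisory describes, while the hardened handler processes only the genuine device's message.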
Affected versions include:
- WhatsApp for iOS prior to version 2.25.21.73
- WhatsApp Business for iOS prior to version 2.25.21.78
- WhatsApp for Mac prior to version 2.25.21.78
Patched versions:
- WhatsApp for iOS version 2.25.21.73 and later
- WhatsApp Business for iOS version 2.25.21.78 and later
- WhatsApp for Mac version 2.25.21.78 and later
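For anyone checking a fleet against the version lists above, here is an added helper (not from WhatsApp or the advisory's authors) that compares an installed build number against the patched minimum for each product. The thresholds are the ones stated on this page; the macOS bundle path `/Applications/WhatsApp.app` and reading `CFBundleShortVersionString` from its `Info.plist` are assumptions about where the desktop app reports its version.

```python
"""Decide whether an installed WhatsApp build is at or above the patched version.

Added example; the minimum versions come from the advisory text above.
"""
import os
import plistlib
from typing import Optional, Tuple

# Patched minimum versions as listed in the advisory.
PATCHED_MIN = {
    "whatsapp-ios": "2.25.21.73",
    "whatsapp-business-ios": "2.25.21.78",
    "whatsapp-mac": "2.25.21.78",
}

# Assumed location of the desktop app bundle (hypothetical, adjust as needed).
MAC_INFO_PLIST = "/Applications/WhatsApp.app/Contents/Info.plist"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version string into an integer tuple; reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(product: str, installed: str) -> bool:
    """True when `installed` is >= the patched minimum for `product`."""
    if product not in PATCHED_MIN:
        raise KeyError(f"unknown product: {product!r}")
    have = parse_version(installed)
    need = parse_version(PATCHED_MIN[product])
    # Pad the shorter tuple with zeros so 2.25.21 compares as 2.25.21.0.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need


def read_mac_version(plist_path: str = MAC_INFO_PLIST) -> Optional[str]:
    """Read the desktop app's version from its Info.plist, or None if absent."""
    if not os.path.exists(plist_path):
        return None
    with open(plist_path, "rb") as fh:
        info = plistlib.load(fh)
    return info.get("CFBundleShortVersionString")


if __name__ == "__main__":
    version = read_mac_version()
    if version is None:
        print("WhatsApp for Mac not found at the assumed path")
    else:
        state = "patched" if is_patched("whatsapp-mac", version) else "VULNERABLE, update now"
        print(f"WhatsApp for Mac {version}: {state}")
```

Comparing as integer tuples rather than strings matters here: a plain string comparison would rank "2.25.21.8" above "2.25.21.78".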
The WhatsApp vulnerability was exploited in combination with a separate Apple operating system vulnerability tracked as CVE-2025-43300, which was patched earlier in August 2025.
WhatsApp confirmed that fewer than 200 users received threat notifications about being targeted in this advanced spyware campaign over a 90-day period beginning in late May 2025. Donncha Ó Cearbhaill, head of Amnesty International's Security Lab, confirmed that WhatsApp issued threat notifications to individuals who appeared to have been specifically targeted in the sophisticated attack.
The victims were primarily journalists, activists, human rights defenders, opposition politicians, and members of civil society - groups commonly targeted by state-sponsored surveillance operations. This aligns with typical deployment patterns for expensive spyware tools that are sold by vendors to governments for use against carefully selected high-value targets.
WhatsApp has already patched the vulnerability in the latest releases. All users should update their WhatsApp applications. For users who received threat notifications, WhatsApp recommended performing a complete factory reset of their devices, as the attackers' malware might still reside at the operating system level even after the WhatsApp vulnerability was patched.