The Hackingpost - © Copyright The Hackingpost. All Rights Reserved.

Thursday, September 4
Header Banner
HomeCloudCISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks
CloudCyberCybersecurityEventMainNetworkNewsSecurity

CISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks

Angela Waters
September 3, 2025
0
3

CISA WhatsApp 0-Day Vulnerability

Cybersecurity

WhatsApp Authorization Vulnerability (CVE-2025-55177)

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding a zero-day vulnerability in WhatsApp, identified as CVE-2025-55177. This vulnerability, classified under CWE-863: Incorrect Authorization, allows unauthorized manipulation of linked device synchronization messages to force a target device to access an attacker-controlled URL.

Technical Overview

CVE-2025-55177 is due to incomplete authorization checks in the handling of synchronization messages when a user links their WhatsApp client on a new device. The flaw enables an attacker to craft a synchronization payload referencing a malicious URL. Affected clients may:

  • Process the message without verifying the sender’s authorization token.
  • Access the malicious URL to retrieve additional payload data.
  • Execute or display the content within the WhatsApp client, potentially leading to remote code execution (RCE) or content spoofing.

The vulnerability has been exploited in phishing operations, although its integration into ransomware campaigns remains unconfirmed.

Risk Factors

Affected Products WhatsApp messaging service
Impact Remote code execution
Exploit Prerequisites Crafted synchronization message delivery; active linked-device feature
CVSS 3.1 Score 5.4 (Medium)

Mitigations

CISA advises all WhatsApp users, especially in critical infrastructure sectors, to take immediate action:

  • Apply the patch released on September 2, 2025, as per the Meta Platforms Security Advisory.
  • Ensure linked-device synchronization messages are accepted only from authenticated endpoints.
  • Comply with the Cybersecurity and Infrastructure Security Agency’s Binding Operational Directive (BOD) 22-01 for cloud service security, including multi-factor authentication and robust logging of synchronization events.
  • Monitor network traffic for unusual HTTP requests from WhatsApp clients as an indication of potential exploitation attempts.

Security teams should validate the installation of patches and ensure the updated version rejects unauthorized synchronization payloads. Organizations are advised to halt WhatsApp usage until secure patches are confirmed installed.

TagsCloudCyberCybersecurityEUEventGoogleMetaNewsSecurityUS
Previous Article

PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability

Next Article

Android Security Update – Patch for 0-Day Vulnerabilities Actively Exploited in Attack

Comments are closed.

More News

© Copyright The Hackingpost. All rights reserved.