CVE-2025-55179_CVE-2025-55179

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C

Description

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.

Basic Information

ID CVE-2025-55179

Source Meta

Published Nov 18, 2025 at 13:56

Modified Nov 18, 2025 at 14:25

Affected Product

Vendor Facebook

Product WhatsApp Business for iOS

Version 2.25.8.14

Affected Versions Facebook WhatsApp Business for iOS 2.25.8.14
Facebook WhatsApp for iOS 2.25.8.17
Facebook WhatsApp Desktop for Mac 2.25.8.14

References

{
    "lastseen": "",
    "description": "Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user\u2019s device. We have not seen evidence of exploitation in the wild.",
    "published": "2025-11-18T13:56:31.598Z",
    "modified": "2025-11-18T14:25:08.232Z",
    "type": "cve",
    "title": "CVE-2025-55179",
    "source": "Meta",
    "references": "https://www.facebook.com/security/advisories/cve-2025-55179\nhttps://www.whatsapp.com/security/advisories/2025/",
    "id": "CVE-2025-55179",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Facebook WhatsApp Business for iOS 2.25.8.14\nFacebook WhatsApp for iOS 2.25.8.17\nFacebook WhatsApp Desktop for Mac 2.25.8.14",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WhatsApp Business for iOS",
    "version": "2.25.8.14",
    "vendor": "Facebook",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply