CISA Warns of WhatsApp 0-Day Vulnerability Exploited in Attacks
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
CISA has issued an urgent advisory concerning a newly disclosed zero-day vulnerability in Meta Platforms\u2019 WhatsApp messaging service (CVE-2025-55177<\/a>).\u00a0<\/p>\n This flaw, categorized under CWE-863: Incorrect Authorization, allows an unauthorized actor to manipulate linked device synchronization messages and force a target device to fetch and process content from an attacker-controlled URL.\u00a0<\/p>\n Organizations and individual users are strongly urged to apply vendor-supplied mitigations by September 23, 2025, or to discontinue use until secure patches are available.<\/p>\n CVE-2025-55177 arises from an incomplete authorization check in WhatsApp\u2019s handling of linked device synchronization messages.\u00a0<\/p>\n When a user links their WhatsApp client on a new device, synchronization messages propagate chat histories and media over multiple endpoints.\u00a0<\/p>\n Due to the improper verification of message source and integrity, an unrelated user can craft a malicious synchronization payload referencing an arbitrary URL. The vulnerable client will:<\/p>\n This chain of events effectively enables remote code execution (RCE) or content spoofing, which could be leveraged to drop payloads ranging from credential-stealing scripts to ransomware.\u00a0<\/p>\n While it remains unconfirmed whether CVE-2025-55177 has been integrated into active ransomware campaigns, its exploitation in targeted phishing operations has already been observed.<\/p>\nKey Takeaways<\/strong>
1. CVE-2025-55177 exploits a WhatsApp device-sync auth flaw to fetch malicious URLs.
2. CWE-863 error enables RCE and has surfaced in phishing.
3. CISA mandates the Sept 2 patch or suspending WhatsApp.<\/pre>\nWhatsApp Authorization Vulnerability (CVE-2025-55177)<\/strong><\/h2>\n
\n