CVE-2025-55177 · MEDIUM 5.4 · CISA KEV · EPSS p89.5%

CVE-2025-55177: Meta Platforms WhatsApp Incorrect Authorization Vulnerability

Meta Platforms / WhatsApp

Description

Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.

Scoring

CVSS 3.1: 5.4 (MEDIUM)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 4.12% probability of exploitation · percentile 89.5% · 2026-06-18T12:00:27Z
Published: 2025-08-29
Last modified: 2025-10-24

CISA KEV entry

Added to KEV: 2025-09-02

Underlying weaknesses · 1

CWE-863

References

  1. https://www.facebook.com/security/advisories/cve-2025-55177
  2. https://www.whatsapp.com/security/advisories/2025/
  3. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-55177

1

Type | Target | Confidence | Tier
Weakness | Incorrect Authorization (cwe-863) | 0% | live

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Meta Platforms WhatsApp Incorrect Authorization Vulnerability (kev-cve-2025-55177) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: WhatsApp Cross-Site Scripting Vulnerability
  2. CVE: WhatsApp VOIP Stack Buffer Overflow Vulnerability
  3. CVE: CVE-2026-2577
  4. CVE: CVE-2026-2800
  5. CVE: CVE-2026-11175
  6. CVE: CVE-2026-47655

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.