Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

WhatsApp Incomplete Authorization Vulnerability in Device Synchronization Messages

Vulnerability

A vulnerability exists in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78, due to incomplete authorization of linked device synchronization messages. This vulnerability could have allowed an unrelated user to initiate the processing of content from an arbitrary URL on a target device. It is believed that this issue, combined with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against certain targeted users.

Impact

Exploitation of this vulnerability could have led to unauthorized processing of content from arbitrary URLs on the affected user's device.

Added: Aug 29, 2025, 4:27 PM
Updated: Sep 2, 2025, 2:49 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 6.4
remediation: 0.0
relevance: 0.4
threat: 8.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.