WhatsApp Incomplete Validation of Rich Response Messages Leading to Arbitrary Media Processing Vulnerability

Vulnerability

A vulnerability exists in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS prior to v2.25.23.82, and WhatsApp for Mac prior to v2.25.23.83. It stems from incomplete validation of rich response messages, which could have allowed a user to initiate the processing of media content from an arbitrary URL on another user’s device.

Impact

Exploitation of this vulnerability could have led to unauthorized processing of media content on a user's device, potentially allowing for the interception or manipulation of media.

Remediation

Users can update to WhatsApp for iOS v2.25.23.73 or later, WhatsApp Business for iOS v2.25.23.82 or later, and WhatsApp for Mac v2.25.23.83 or later.
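
To confirm the remediation across a device fleet, the following added example (not part of the original advisory or any WhatsApp tooling) checks an app inventory export against the fixed versions listed above. The CSV column names, host names and sample rows are constructed assumptions; the product names and version numbers come from this advisory.

```python
# Added example: flag inventory rows still below this advisory's fixed versions.
import csv
import io

# First fixed version per product, taken from the Remediation section.
FIXED = {
    "WhatsApp for iOS": (2, 25, 23, 73),
    "WhatsApp Business for iOS": (2, 25, 23, 82),
    "WhatsApp for Mac": (2, 25, 23, 83),
}

def parse_version(text):
    """Turn 'v2.25.23.73' or '2.25.23.73' into a tuple of ints; raise ValueError otherwise."""
    parts = text.strip().lstrip("vV").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product, version):
    """Return 'vulnerable', 'fixed', or 'unknown' for one installed app."""
    fixed = FIXED.get(product.strip())
    if fixed is None:
        return "unknown"          # product not covered by this advisory
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"          # needs manual review; never assume fixed
    # Pad short versions so '2.25.23' compares as 2.25.23.0.
    installed += (0,) * (len(fixed) - len(installed))
    # Tuple comparison is numeric per component, so 2.25.9.x < 2.25.23.x.
    return "vulnerable" if installed < fixed else "fixed"

def audit(csv_text):
    """Return (host, product, version, status) for every row that is not 'fixed'."""
    rows = csv.DictReader(io.StringIO(csv_text))
    results = [(r["host"], r["product"], r["version"],
                status(r["product"], r["version"])) for r in rows]
    return [r for r in results if r[3] != "fixed"]

# Constructed sample inventory export (hypothetical hosts and column layout).
SAMPLE = """host,product,version
iphone-01,WhatsApp for iOS,2.25.23.72
iphone-02,WhatsApp for iOS,v2.25.23.73
iphone-03,WhatsApp Business for iOS,2.25.23.73
mac-01,WhatsApp for Mac,2.25.24.1
mac-02,WhatsApp for Mac,2.25.9.100
ipad-01,WhatsApp for iOS,unknown
"""
```

Calling audit(SAMPLE) returns the rows that still need an update or manual review; rows with an unparseable version are reported as 'unknown' rather than treated as patched.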

Added: Nov 18, 2025, 3:24 PM
Updated: Nov 18, 2025, 3:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.0
exploitability: 6.4
remediation: 0.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.