CVE-2025-55177

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 6 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.76%

probability

This CVE has a 0.76% probability of being exploited in the next 30 days.

0% Top 73.6th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Incomplete authorization of linked device synchronization messages

Attack Intelligence

CWE-284 · Improper Access Control CWE-285 · Improper Authorization CWE-863 · Incorrect Authorization

Google Project Zero

Patched

Aug. 20, 2025

Reported by

Internal Researchers on the WhatsApp Security Team

Root Cause Analysis

???

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

TheHackerNews

Apple backports zero-day patches to older iPhones and iPads

BleepingComputer Sep 16, 2025

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

TheHackerNews

Samsung patches actively exploited zero-day reported by WhatsApp

BleepingComputer Sep 12, 2025

WhatsApp patches vulnerability exploited in zero-day attacks

BleepingComputer Aug 29, 2025

WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices

TheHackerNews

Signal Intelligence

Confidenceⓘ

85%

EPSS 0.76%

Mentions 6

Last Seen Sep 16, 2025

CNA Information

Analyst Note

CVE-2025-55177 is confirmed as a legitimate vulnerability affecting WhatsApp across multiple platforms, with demonstrated exploitation in the wild and patches released by vendors. The vulnerability involves incomplete authorization in linked device synchronization that could enable unauthorized content processing, corroborated by reporting from reputable security sources and Google Project Zero involvement.