Meta Platforms WhatsApp Incorrect Authorization Vulnerability
Meta Platforms — WhatsApp
- Added to KEV catalog
- 2 September 2025
- Federal remediation due date
- 23 September 2025
- Weakness classification (CWE)
- CWE-863
CISA Description
Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target’s device.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://www.whatsapp.com/security/advisories/2025/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-55177
More Meta Platforms Vulnerabilities
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services