CISA Alerts on WhatsApp 0-Day Vulnerability Actively Exploited in Attacks
gbhackersCISA has issued an urgent warning about a newly discovered zero-day vulnerability in WhatsApp that is already being exploited in active attacks.
The flaw, tracked as CVE-2025-55177, poses a significant risk to users worldwide, particularly as ransomware operators and other cybercriminals seek to take advantage of the weakness in device synchronization processes.
On September 2, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added the WhatsApp vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
The agency stressed that federal and critical infrastructure organizations should prioritize patching the issue before the September 23 deadline to reduce exposure to potential attacks.
| CVE ID | Vendor | Product | Vulnerability Type |
| CVE-2025-55177 | Meta Platforms | Incorrect Authorization |
The flaw stems from an incorrect authorization check in WhatsApp’s linked device feature, allowing attackers to manipulate synchronization messages and cause a victim’s device to process malicious content from arbitrary URLs.
This could serve as a stepping ...
Copyright of this story solely belongs to gbhackers . To see the full text click HERE