CISA Alerts on WhatsApp 0-Day Vulnerability Actively Exploited in Attacks
CISA has issued an urgent warning about a newly discovered zero-day vulnerability in WhatsApp that is already being exploited in active attacks.
The flaw, tracked as CVE-2025-55177, poses a significant risk to users worldwide, particularly as ransomware operators and other cybercriminals seek to take advantage of the weakness in device synchronization processes.
On September 2, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added the WhatsApp vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
The agency stressed that federal and critical infrastructure organizations should prioritize patching the issue before the September 23 deadline to reduce exposure to potential attacks.
CVE ID | Vendor | Product | Vulnerability Type
CVE-2025-55177 | Meta Platforms | WhatsApp | Incorrect Authorization
The flaw stems from an incorrect authorization check in WhatsApp’s linked device feature, allowing attackers to manipulate synchronization messages and cause a victim’s device to process malicious content from arbitrary URLs.
This could serve as a stepping stone for broader compromise, exposing users to data theft, malware installation, and espionage risks.
According to CISA’s alert, the vulnerability has not yet been definitively tied to ransomware campaigns, but the nature of the exploit makes it a high-value target for threat actors.
The advisory urges organizations to follow Meta Platforms’ mitigation instructions or, if unavailable, discontinue use of vulnerable versions of WhatsApp.
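The KEV listing, remediation deadline and ransomware-use status described above can be tracked programmatically. The following is an added example, not code from CISA or Meta: it triages a constructed sample laid out like CISA's KEV JSON feed against a hypothetical asset inventory; the inventory, the placeholder second entry and the 7-day "DUE" threshold are assumptions.

```python
import json
from datetime import date

# Constructed sample in the layout of CISA's KEV JSON feed. The first entry
# uses the values reported in this article; the second is a placeholder.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-55177", "vendorProject": "Meta Platforms",
   "product": "WhatsApp", "dateAdded": "2025-09-02", "dueDate": "2025-09-23",
   "knownRansomwareCampaignUse": "Unknown", "cwes": ["CWE-863"]},
  {"cveID": "CVE-0000-00000", "vendorProject": "Example Vendor",
   "product": "Example Product", "dateAdded": "2025-01-01",
   "dueDate": "2025-01-22", "knownRansomwareCampaignUse": "Known", "cwes": []}
]}
""")

def kev_triage(feed, inventory, today):
    """Return KEV entries that match deployed products, most urgent first.

    inventory: set of (vendor, product) pairs, compared case-insensitively.
    today: datetime.date used to compute days left before the due date.
    """
    wanted = {(v.lower(), p.lower()) for v, p in inventory}
    hits = []
    for entry in feed.get("vulnerabilities", []):
        key = (entry["vendorProject"].lower(), entry["product"].lower())
        if key not in wanted:
            continue  # product not deployed, nothing to remediate
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        hits.append({
            "cve": entry["cveID"],
            "days_left": days_left,
            # Assumed policy: flag as DUE inside the final 7 days.
            "status": "OVERDUE" if days_left < 0 else "DUE" if days_left <= 7 else "OPEN",
            "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
            "cwes": entry.get("cwes", []),
        })
    return sorted(hits, key=lambda h: h["days_left"])

if __name__ == "__main__":
    inventory = {("Meta Platforms", "WhatsApp")}  # hypothetical asset inventory
    for day in (date(2025, 9, 3), date(2025, 9, 20), date(2025, 9, 30)):
        for hit in kev_triage(KEV_SAMPLE, inventory, day):
            print(day, hit["cve"], hit["status"], hit["days_left"], hit["ransomware_use"])
```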
Technical Details
The vulnerability has been associated with CWE-863, which describes incorrect authorization resulting from incomplete verification of whether a user or process is permitted to access certain resources.
In this case, attackers can abuse WhatsApp’s cross-device synchronization to craft malicious linkage updates that bypass existing checks.
Security researchers warn that exploiting this flaw does not require victim interaction in all scenarios, increasing the risk of silent compromise.
Threat actors could potentially weaponize this for phishing campaigns or secondary payload delivery once access is obtained.
Meta Platforms has been urged to release immediate fixes. In the meantime, organizations and individuals are advised to:
- Update WhatsApp to the latest available version once a patch is issued.
- Monitor devices for abnormal synchronization requests or unusual network activity.
- Follow CISA’s Binding Operational Directive (BOD) 22-01 guidance on mitigating vulnerabilities in cloud services.
- Consider temporarily disabling WhatsApp’s linked device functionality in high-risk environments.
CISA’s inclusion of CVE-2025-55177 in its KEV catalog highlights the urgency of addressing the threat immediately.
With exploitation confirmed in active attacks, swift remediation steps are critical to prevent large-scale compromise.