
CVE-2025-55177: WhatsApp Zero-Click Flaw Used in Targeted Campaigns

Red | Vulnerability Report


Summary

In August 2025, a critical zero-click vulnerability in WhatsApp (CVE-2025-55177) was exploited in highly targeted zero-day attacks against fewer than 200 high-value individuals worldwide. This flaw, affecting WhatsApp iOS and macOS clients, was chained with Apple’s CVE-2025-43300 (Out-of-Bounds Write in iOS, iPadOS, and macOS) to enable full device compromise.

The WhatsApp vulnerability stemmed from incomplete authorization handling of linked device synchronization messages, allowing attackers to force victim devices to process malicious content. Meta Platforms and Apple confirmed active exploitation of both flaws. Users are strongly urged to update WhatsApp and their devices immediately.


Vulnerability Details

  • CVE-2025-55177 (WhatsApp Incorrect Authorization Vulnerability)

    • Affected Products: WhatsApp for iOS (prior to v2.25.21.73), WhatsApp Business for iOS (v2.25.21.78), WhatsApp for Mac (v2.25.21.78).

    • CWE ID: CWE-863 (Incorrect Authorization).

    • Exploitation: Allowed attackers to load and process arbitrary URLs on victim devices without user interaction.

  • CVE-2025-43300 (Apple Out-of-Bounds Write Vulnerability)

    • Affected Products: macOS (before Sequoia 15.6.1, Sonoma 14.7.8, Ventura 13.7.8), iOS/iPadOS (before 18.6.2 and 17.7.10).

    • CWE ID: CWE-787 (Out-of-Bounds Write).

    • Exploitation: Used in tandem with CVE-2025-55177 to escalate privileges and execute arbitrary code at the OS level.

The chained exploitation technique highlights the increasing sophistication of multi-stage attack chains aimed at surveillance and espionage targeting influential individuals.


Recommendations

  • Update Immediately: Install the latest versions of WhatsApp and Apple operating systems.

  • Full Device Reset if Notified: Users receiving WhatsApp’s in-app threat notifications should perform a factory reset to ensure complete removal of malicious traces.

  • Enable Auto-Updates: Turn on automatic updates for apps and operating systems to ensure timely patching.

  • Practice Safe Browsing: Avoid clicking unexpected or suspicious links, even if they appear to be from trusted contacts.

  • Strengthen Vulnerability Management: Regularly assess, patch, and track software versions to minimize risks from zero-day exploits.
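To support the version tracking recommended above, the following added example (not part of the original advisory) checks a device inventory against the fixed versions listed under Vulnerability Details. Assumptions: the inventory format, product keys and device names are hypothetical; the WhatsApp Business and Mac versions listed are treated as first fixed builds; OS major releases newer than the listed branches are treated as patched.

```python
# Added example: flag inventory rows that predate the fixed versions in this advisory.
# Thresholds are copied from the "Affected Products" lines; everything else is illustrative.

def parse(v):
    """'v2.25.21.73' or '18.6.2' -> tuple of ints, so 2.25.9 sorts below 2.25.21."""
    return tuple(int(p) for p in v.lstrip("vV").split("."))

# CVE-2025-55177: one minimum version per app.
# Assumption: the Business and Mac versions listed are the first fixed builds.
APP_FIXED = {
    "whatsapp-ios": "2.25.21.73",
    "whatsapp-business-ios": "2.25.21.78",
    "whatsapp-mac": "2.25.21.78",
}
# CVE-2025-43300: fixes are per release branch, keyed by major version.
OS_FIXED = {
    "ios": {18: "18.6.2", 17: "17.7.10"},  # iOS and iPadOS
    "macos": {15: "15.6.1", 14: "14.7.8", 13: "13.7.8"},
}

def needs_patch(product, version):
    """True if the row should be flagged; unknown products raise KeyError."""
    have = parse(version)
    if product in APP_FIXED:
        return have < parse(APP_FIXED[product])
    branches = OS_FIXED[product]
    major = have[0]
    if major > max(branches):
        return False  # assumption: later major releases ship with the fix
    if major not in branches:
        return True   # older branch, no fix listed in this advisory: flag it
    return have < parse(branches[major])

def audit(inventory):
    """Return the (device, product, version) rows that still need attention."""
    return [row for row in inventory if needs_patch(row[1], row[2])]

# Constructed sample inventory (hypothetical device names).
SAMPLE = [
    ("exec-phone-01", "ios", "18.6.1"),
    ("exec-phone-01", "whatsapp-ios", "2.25.21.73"),
    ("exec-phone-02", "ios", "17.7.10"),
    ("exec-mac-01", "macos", "14.7.7"),
    ("exec-mac-01", "whatsapp-mac", "v2.25.9.80"),
    ("kiosk-ipad-03", "ios", "16.7.11"),
]

if __name__ == "__main__":
    for device, product, version in audit(SAMPLE):
        print(f"PATCH NEEDED {device}: {product} {version}")
```

Comparing versions as integer tuples per branch matters here: a plain string comparison would rank 2.25.9.80 above 2.25.21.78, and a single OS threshold would wrongly flag a fully patched 17.7.10 device.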


MITRE ATT&CK TTPs

  • Execution: T1203 (Exploitation for Client Execution), T1204 (User Execution), T1204.001 (Malicious Link)

  • Resource Development: T1588 (Obtain Capabilities), T1588.006 (Vulnerabilities)

  • General Tactics: TA0042 (Resource Development), TA0002 (Execution)

