WhatsApp iOS/Mac before v2.25.23.83: media URL validation flaw (CVE-2025-55179)
CVE-2025-55179 Published on November 18, 2025

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another users device. We have not seen evidence of exploitation in the wild.

NVD

Affected Versions

Facebook WhatsApp Business for iOS:

Version 2.25.8.14 and below 2.25.23.82 is affected.

Facebook WhatsApp for iOS:

Version 2.25.8.17 and below 2.25.23.73 is affected.

Facebook WhatsApp Desktop for Mac:

Version 2.25.8.14 and below 2.25.23.83 is affected.

Exploit Probability

EPSS

0.03%

Percentile

9.82%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

WhatsApp iOS/Mac before v2.25.23.83: media URL validation flaw (CVE-2025-55179)CVE-2025-55179 Published on November 18, 2025

Affected Versions

Exploit Probability

WhatsApp iOS/Mac before v2.25.23.83: media URL validation flaw (CVE-2025-55179)
CVE-2025-55179 Published on November 18, 2025