India's cybersecurity watchdog, CERT-In, has issued a high-severity warning about a newly discovered authorization bypass vulnerability in WhatsApp. The flaw, tracked as CVE-2025-55177, affects certain versions of WhatsApp for iOS, WhatsApp Business for iOS, and WhatsApp for Mac, and could potentially allow attackers to gain unauthorized access to sensitive user data.
What's the risk?
According to CERT-In's advisory (CIVN-2025-0200), the vulnerability stems from improper authorization handling in linked device synchronization messages. By exploiting this flaw, hackers could trick WhatsApp into processing malicious content from arbitrary URLs on the victim's device.
This could lead to exposure of personal chats, media, and sensitive user information. In some cases, the vulnerability has been observed alongside an Apple OS-level flaw (CVE-2025-43300), suggesting that it may have been leveraged in targeted cyberattacks.
Who is affected?
* WhatsApp for iOS versions prior to 2.25.21.73
* WhatsApp Business for iOS version 2.25.21.78
* WhatsApp for Mac version 2.25.21.78
Users running these versions are most at risk of exploitation.
What you can do
The government has strongly urged WhatsApp users to immediately update their apps to the latest available versions. WhatsApp has already released security patches to fix the flaw, which can be found on its official security advisories page.
Here are the steps users should follow:
1. Update WhatsApp - Go to the App Store (iOS/Mac) and install the latest version.
2. Enable auto-updates - Ensure future security patches are applied automatically.
3. Avoid suspicious links - Do not click on unknown links shared via WhatsApp, even from trusted contacts.
4. Check linked devices - Regularly review and remove any unknown devices from your WhatsApp account settings.
Why this matters
WhatsApp is one of the most widely used messaging platforms in India, with over 400 million users. Any breach in its security could expose massive amounts of personal and business data.
CERT-In's warning highlights the growing trend of sophisticated cyberattacks that combine app-level and OS-level vulnerabilities. Staying updated is the best defense against such threats.