WhatsApp is a free messaging app owned by Facebook that provides end-to-end encryption for users' messages, calls, photos, and videos. It allows communication over internet connections, thus can be used in place of SMS and provides functionalities like group chats and voice notes. The application is available for smartphones and computers.

WhatsApp

Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's macOS operating system and Linux. The name is intended to suggest the idea of building software on the Mac depending on the user's taste. Originally written by Max Howell, the package manager has gained popularity in the Ruby on Rails community and earned praise for its extensibility.

Homebrew

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-30401	MEDIUM	6.7	WhatsApp	whatsapp	No	Yes	Apr 05, 2025
CVE-2023-38537	MEDIUM	5.6	WhatsApp	cpe:2.3:a:whatsapp:whatsapp	No	Yes	Oct 04, 2023
CVE-2025-55179	MEDIUM	5.4	WhatsApp	whatsapp	No	Yes	Nov 18, 2025
CVE-2025-55177	MEDIUM	5.4	WhatsApp	whatsapp	Yes	Yes	Aug 29, 2025
CVE-2023-38538	MEDIUM	5	WhatsApp	cpe:2.3:a:whatsapp:whatsapp:::::desktop:windows::	No	Yes	Oct 04, 2023

CVE-2025-55179:
WhatsApp vulnerability analysis and mitigation

5.4

Related WhatsApp vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2025-55179: WhatsApp vulnerability analysis and mitigation