
CISA warns of actively exploited WhatsApp zero-day targeting Apple users

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory concerning a newly discovered zero-day vulnerability in Meta’s WhatsApp, identified as CVE-2025-55177. The flaw is already being exploited in active attacks, allowing hackers to compromise devices without requiring any interaction from the user.


According to security researchers, the vulnerability stems from an incomplete authorization mechanism in WhatsApp’s linked-device synchronization process. By crafting malicious sync messages, attackers can force a target’s device to fetch content from attacker-controlled servers. This could lead to the execution of harmful code or the display of spoofed content, making it an especially dangerous exploit.


Reports suggest that the zero-day has been used in a targeted spyware campaign against high-value individuals. Amnesty International’s Security Lab found evidence that attackers chained the WhatsApp flaw with a separate Apple ImageIO zero-day, CVE-2025-43300, to compromise iPhones and other Apple devices. These so-called “zero-click” exploits require no action by victims, making them nearly impossible to defend against without immediate software updates. WhatsApp has confirmed that fewer than 200 individuals worldwide were notified of being targeted, a figure that underscores the precision of the attack and its likely focus on journalists, activists, and other sensitive profiles.


In response, CISA has added CVE-2025-55177 to its Known Exploited Vulnerabilities catalog, mandating that all federal agencies patch or suspend the use of WhatsApp by September 23, 2025.


Security experts stress that the urgency of the situation outweighs the vulnerability’s official “medium” CVSS rating of 5.4, since real-world exploitation poses a much greater risk than the numerical score suggests.


Both WhatsApp and Apple have issued updates to mitigate the flaws. Users are strongly advised to update immediately to the latest versions of WhatsApp (2.25.21.73 or later on iOS, and 2.25.21.78 for WhatsApp Business) and to install the most recent Apple operating system updates. Individuals notified of being targeted are encouraged to take additional steps, such as performing a factory reset of their devices and enabling heightened security features like Apple’s Lockdown Mode.
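For an administrator checking a fleet against the fixed builds named above, the practical question is whether each installed WhatsApp version is at or above the patched version. The script below is an added example, not code from the article or from Meta/WhatsApp; it assumes a device-inventory export (for instance from an MDM) in which each record carries the app name and a dotted version string. The inventory rows are constructed sample data with hypothetical device names; the fixed versions are the ones the article cites.

```python
"""Flag devices whose WhatsApp build is below the fixed version cited for CVE-2025-55177.

Added example (not the article's or WhatsApp's own code). Assumes an inventory
export of dicts with keys "device", "app" and "version"; rows below are constructed.
"""
from typing import Dict, List, Tuple

# Fixed versions as stated in the advisory text for iOS WhatsApp and WhatsApp Business.
FIXED_VERSIONS: Dict[str, str] = {
    "WhatsApp": "2.25.21.73",
    "WhatsApp Business": "2.25.21.78",
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.25.21.73' into (2, 25, 21, 73) so comparison is numeric.

    Comparing the raw strings would be lexical, which ranks '2.25.9.1'
    above '2.25.21.73' and would mark an unpatched build as patched.
    """
    parts = []
    for piece in v.strip().split("."):
        if not piece.isdigit():
            raise ValueError(f"non-numeric version component in {v!r}")
        parts.append(int(piece))
    return tuple(parts)


def is_patched(app: str, installed: str) -> bool:
    """True when the installed build is at or above the fixed version for that app."""
    fixed = FIXED_VERSIONS.get(app)
    if fixed is None:
        raise KeyError(f"no fixed version known for {app!r}")
    a, b = parse_version(installed), parse_version(fixed)
    # Pad the shorter tuple with zeros so '2.25.21' compares as '2.25.21.0'.
    n = max(len(a), len(b))
    a += (0,) * (n - len(a))
    b += (0,) * (n - len(b))
    return a >= b


def find_unpatched(inventory: List[Dict[str, str]]) -> List[str]:
    """Return the device identifiers that still run a vulnerable build."""
    return [rec["device"] for rec in inventory
            if not is_patched(rec["app"], rec["version"])]


# Constructed inventory rows; device names and versions are hypothetical.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"device": "ios-001", "app": "WhatsApp", "version": "2.25.21.73"},
    {"device": "ios-002", "app": "WhatsApp", "version": "2.25.9.1"},
    {"device": "ios-003", "app": "WhatsApp Business", "version": "2.25.21.78"},
    {"device": "ios-004", "app": "WhatsApp Business", "version": "2.25.21.71"},
    {"device": "ios-005", "app": "WhatsApp", "version": "2.25.22.1"},
]

if __name__ == "__main__":
    for device in find_unpatched(SAMPLE_INVENTORY):
        print(f"{device}: WhatsApp build below fixed version for CVE-2025-55177")
```

Run as-is it reports `ios-002` and `ios-004`; point `SAMPLE_INVENTORY` at a real export to use it on a fleet. The numeric comparison matters here because the fixed builds have a three-digit final component, which a string sort handles incorrectly.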


This incident highlights the growing reliance of spyware operators on sophisticated, zero-click exploits to infiltrate the devices of high-value targets. It also raises new concerns about the resilience of consumer messaging platforms that serve billions of users worldwide, and whether patching alone is enough to keep pace with the rapidly evolving tactics of surveillance actors.


© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543