Detections
Analytics
WhatsApp Desktop for Mac 2.22.25.2 < 2.25.21.78 Incorrect Authorization (August Update)
medium Nessus Plugin ID 265762
Synopsis
The remote host is missing a security update.Description
The version of WhatsApp Desktop installed on the remote host is 2.22.25.2 prior to 2.25.21.78. It is, therefore, affected by a vulnerability as referenced in the August update advisory:- Incomplete authorization of linked device synchronization messages in WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms CVE-2025-43300, may have been exploited in a sophisticated attack against specific targeted users. (CVE-2025-55177)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to WhatsApp version 2.25.21.78 or laterSee Also
Plugin Details
Severity: Medium
ID: 265762
File Name: macos_whatsapp_CVE-2025-55177.nasl
Version: 1.2
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 9/24/2025
Updated: 9/24/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.6
CVSS v2
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.5
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS Score Source: CVE-2025-55177
CVSS v3
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 5
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:whatsapp:whatsapp
Required KB Items: installed_sw/WhatsApp Desktop
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/29/2025
Vulnerability Publication Date: 8/29/2025
CISA Known Exploited Vulnerability Due Dates: 9/23/2025
Reference Information
CVE: CVE-2025-55177