{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-55179","assignerOrgId":"4fc57720-52fe-4431-a0fb-3d2c8747b827","state":"PUBLISHED","assignerShortName":"Meta","dateReserved":"2025-08-08T18:21:47.119Z","datePublished":"2025-11-18T13:56:31.598Z","dateUpdated":"2025-11-18T14:25:08.232Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"WhatsApp Business for iOS","vendor":"Facebook","versions":[{"lessThan":"2.25.23.82","status":"affected","version":"2.25.8.14","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WhatsApp for iOS","vendor":"Facebook","versions":[{"lessThan":"2.25.23.73","status":"affected","version":"2.25.8.17","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"WhatsApp Desktop for Mac","vendor":"Facebook","versions":[{"lessThan":"2.25.23.83","status":"affected","version":"2.25.8.14","versionType":"semver"}]}],"dateAssigned":"2025-11-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild."}],"problemTypes":[{"descriptions":[{"description":"Incorrect Authorization (CWE-863)","lang":"en"}]}],"providerMetadata":{"orgId":"4fc57720-52fe-4431-a0fb-3d2c8747b827","shortName":"Meta","dateUpdated":"2025-11-18T13:56:31.598Z"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.facebook.com/security/advisories/cve-2025-55179"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.whatsapp.com/security/advisories/2025/"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:O/RC:C","baseScore":5.4,"baseSeverity":"MEDIUM"}}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-18T14:22:05.852548Z","id":"CVE-2025-55179","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-18T14:25:08.232Z"}}]}}