Sophisticated attack hits WhatsApp users

WhatsApp fixed a serious vulnerability that was exploited in a series of attacks in which victims did not need to take any action.

The vulnerability, known as CVE-2025-55177, was found in the synchronization process of linked devices and allowed attackers to remotely trigger the processing of content from any URL on a victim’s device. Combined with a flaw in Apple’s ImageIO framework, catalogued as CVE-2025-43300, this formed an attack chain that worked as a zero-click exploit.

According to TechCrunch, researchers at Amnesty International described the campaign as one of the most sophisticated spyware attacks in recent times. Victims were affected without their knowledge, without having to click on links or open files. Meta confirmed that fewer than 200 users were personally warned.

Patches for the vulnerability are now available. WhatsApp users on iOS must install at least version 2.25.21.73, while WhatsApp Business on iOS and the macOS version require at least 2.25.21.78. These updates greatly reduce the risk of abuse. Nevertheless, users should stay alert, because zero-click attacks often take place invisibly and can cause significant damage in a short period of time.
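For administrators who need to check a device fleet against the minimum versions above, the following is an added example and not part of the original article. The inventory format, column names and product keys are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Minimum fixed versions as stated in the article.
MIN_FIXED = {
    "whatsapp-ios": "2.25.21.73",
    "whatsapp-business-ios": "2.25.21.78",
    "whatsapp-macos": "2.25.21.78",
}

# Constructed sample inventory (hypothetical CSV export; column names are assumptions).
SAMPLE_INVENTORY = """device,product,version
iphone-01,whatsapp-ios,2.25.21.73
iphone-02,whatsapp-ios,2.25.9.80
iphone-03,whatsapp-business-ios,2.25.21.73
mac-01,whatsapp-macos,2.25.22.1
mac-02,whatsapp-macos,unknown
ipad-01,some-other-app,1.0
"""

def parse_version(text):
    """Turn '2.25.21.73' into (2, 25, 21, 73); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def is_patched(product, version):
    """True/False for tracked products, None for products this check does not cover."""
    minimum = MIN_FIXED.get(product)
    if minimum is None:
        return None
    try:
        # Compare numerically: as strings, '2.25.9.80' would sort above '2.25.21.73'.
        return parse_version(version) >= parse_version(minimum)
    except ValueError:
        return False  # fail closed: an unreadable version is treated as unpatched

def unpatched_devices(csv_text):
    """Return (device, product, version) for every tracked install below its minimum."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["device"], r["product"], r["version"])
            for r in rows if is_patched(r["product"], r["version"]) is False]

if __name__ == "__main__":
    for device, product, version in unpatched_devices(SAMPLE_INVENTORY):
        print(f"{device}: {product} {version} is below {MIN_FIXED[product]}")
```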

Enable additional security options

According to researchers, there are indications that Android users may also have been affected, although the investigation initially focused on iOS and macOS. WhatsApp sent warning messages to those potentially affected and advised them to perform a full factory reset. In addition, it was recommended to activate additional security options, such as Lockdown Mode on iOS and Advanced Protection Mode on Android.

The fact that WhatsApp, one of the most widely used communication tools worldwide, was exploited for this attack shows how attractive such platforms are to malicious actors. Zero-click exploits pose a particular threat because they completely bypass traditional lines of defense such as awareness campaigns and phishing filters. For organizations, this means that rapid updates and additional security measures are not a luxury but a necessity.

The incident also highlights how advanced the spyware industry has become. Whereas attacks used to be large-scale and untargeted, we now see campaigns that focus exclusively on a limited group of targets. This makes detection more difficult and increases the likelihood that vulnerabilities will remain undetected for longer periods of time.