National CSIRT-CY | National Computer Security Incident Response Team of Cyprus - WhatsApp Zero-Click exploit affecting iOS and macOS

WhatsApp Zero-Click exploit affecting iOS and macOS

05 Σεπτεμβρίου 2025

The Digital Security Authority (DSA) wants to bring to your attention a vulnerability affecting WhatsApp.

Technical Details

A vulnerability with a CVSS score of 8.0 has been disclosed regarding WhatsApp instances in iOS and macOS devices.
The flaw allows a malicious actor to target unrelated victims to process content from an arbitrary url.
The vulnerability is zero click which means that the exploit does not require user interaction.
This vulnerability has been discovered by researchers within the WhatsApp security team.
WhatsApp recommends users to maintain their operating systems up to date.

Affected Products

- WhatsApp for iOS version 2.25.21.73
- WhatsApp Business for iOS version 2.25.21.78
- WhatsApp for Mac version 2.25.21.78

Recommendations

The Digital Security Authority recommends to make sure that your apple devices operating systems as well as WhatsApp are updated to the latest versions.

References

Common Vulnerabilities & Exposures

The information presented in this report is based on available data up to the 1st of September 2025.

[ Get the report in .PDF ]

National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

WhatsApp Zero-Click exploit affecting iOS and macOS

05 Σεπτεμβρίου 2025

Cyber threats require heightened defences

Working towards a trusted and cyber secure Europe

Protect your cyber hygiene

Cyber Europe 2022 [exercise]