Facebook Whatsapp Desktop For Mac vulnerabilities

5 known vulnerabilities affecting facebook/whatsapp_desktop_for_mac.

Total CVEs: 5
CISA KEV: 2 (actively exploited)
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 3

Vulnerabilities

CVE-2025-55179 | MEDIUM | CVSS 5.4 | ≥ 2.25.8.14, < 2.25.23.83 | 2025-11-18
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device. We have not seen evidence of exploitation in the wild.
Sources: cvelistv5, nvd
CVE-2025-55177 | CRITICAL | CVSS 10.0 | KEV | ≥ 2.22.25.2, < 2.25.21.78 | 2025-08-29
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device. We assess that this vulnerability, in combination with an OS-lev
Sources: cvelistv5
CVE-2025-43300 | CRITICAL | CVSS 10.0 | KEV | ≥ 2.22.25.2, < 2.25.21.78 | 2025-08-21
[CWE-787] An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is awa
Sources: nvd
CVE-2023-38538 | MEDIUM | CVSS 5.0 | fixed in 2.2338.12 | 2023-10-04
[CWE-362] A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
Sources: cvelistv5, nvd
CVE-2023-38537 | MEDIUM | CVSS 5.6 | fixed in 2.2338.12 | 2023-10-04
[CWE-362] A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability.
Sources: cvelistv5, nvd