Skip to main content

Whatsapp Business

21 CVEs product

Monthly

CVE-2025-55179 MEDIUM This Month

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Whatsapp Whatsapp Business iOS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-55177 MEDIUM KEV THREAT Act Now

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Authentication Bypass Apple Whatsapp Whatsapp Business iOS
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-36934 CRITICAL POC Act Now

An integer overflow in WhatsApp could result in remote code execution in an established video call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Heap Overflow Buffer Overflow Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2021-24041 CRITICAL Act Now

A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Google Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2021-24035 CRITICAL Act Now

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2021-24027 HIGH This Week

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2021-24026 CRITICAL Act Now

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption Google Whatsapp +1
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-1909 CRITICAL Act Now

A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Use After Free +2
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2020-1908 MEDIUM This Month

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Whatsapp Whatsapp Business
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2020-1907 CRITICAL Act Now

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple RCE Google +2
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2020-1906 HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Heap Overflow Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-1904 MEDIUM This Month

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Whatsapp Whatsapp Business
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2020-1903 MEDIUM This Month

An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Whatsapp Whatsapp Business
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2020-1902 HIGH This Week

A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2020-1894 HIGH This Week

A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption RCE Whatsapp +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-1891 CRITICAL Act Now

A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption Whatsapp Whatsapp Business
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2020-1890 HIGH This Week

A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp Whatsapp Business
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2020-1886 HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Whatsapp Whatsapp Business
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2019-11931 HIGH This Week

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Stack Overflow Apple Whatsapp +2
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-3568 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple RCE Google +3
NVD
CVSS 3.1
9.8
EPSS
39.2%
CVE-2019-3566 MEDIUM This Month

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Google Whatsapp Whatsapp Business
NVD
CVSS 3.1
5.9
EPSS
1.1%
EPSS 0% CVSS 5.4
MEDIUM This Month

Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, and WhatsApp for Mac v2.25.23.83 could have allowed a user to trigger. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Information Disclosure Whatsapp +2
NVD
EPSS 1% CVSS 5.4
MEDIUM KEV THREAT Act Now

Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Authentication Bypass Apple Whatsapp +2
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An integer overflow in WhatsApp could result in remote code execution in an established video call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Heap Overflow Buffer Overflow +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Google +2
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Path Traversal Whatsapp +1
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for Android prior to v2.21.3, WhatsApp for iOS prior to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Memory Corruption +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have resulted in memory corruption, crashes and potentially code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple +4
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Whatsapp +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Apple +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Google Heap Overflow +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apple Whatsapp +1
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Whatsapp +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior to v2.20.30, and WhatsApp Business for iPhone prior to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +3
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Memory Corruption +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Whatsapp +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google Whatsapp +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Buffer Overflow Stack Overflow +4
NVD
EPSS 39% CVSS 9.8
CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Apple +5
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Google Whatsapp +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy