WhatsApp Users at Risk: CERT-In Issues Warning Over Critical Security Flaw Allowing Data Theft

India’s cyber security agency, CERT-In, has issued a high-severity alert for WhatsApp users after discovering a serious vulnerability in the app. The flaw, identified as CVE-2025-55177, could allow hackers to bypass authorization checks and steal sensitive data, including personal chats, media, and files.

According to the advisory, the vulnerability specifically affects WhatsApp on iOS and Mac devices, leaving millions of users at risk if they do not update to the latest version.

What Is the Threat?

The flaw has been traced to WhatsApp’s linked-device sync system, which contains errors in authorization processing. By exploiting this weakness, cybercriminals can send malicious links to targeted users. Once clicked, these links may silently grant attackers access to private conversations, stored media, and personal data.

CERT-In further revealed that in some cases, this flaw has been combined with another iOS vulnerability, identified as CVE-2025-43300, to launch more sophisticated attacks. This means that hackers can potentially strengthen their exploit chain, making it even harder for victims to detect unauthorized access.

Who Is Most at Risk?

The vulnerability affects specific versions of WhatsApp and WhatsApp Business on iOS and Mac devices. The government advisory has listed the following versions as particularly unsafe:

• WhatsApp for iOS versions older than 2.25.21.73

• WhatsApp Business for iOS version 2.25.21.78

• WhatsApp for Mac version 2.25.21.78

Users running these versions are strongly advised to update their apps immediately to avoid falling victim to potential cyberattacks.

How to Stay Safe

The Indian government has outlined several precautionary steps to help users safeguard their WhatsApp accounts:

1. Update Immediately: Download and install the latest version of WhatsApp from the App Store. The company has already rolled out a security patch addressing the issue.

2. Enable Auto-Update: Turn on automatic updates to ensure your device always runs the most secure version of the app.

3. Avoid Suspicious Links: Do not click on links from unknown or untrusted sources, as attackers may use phishing techniques to exploit this flaw.

4. Check Linked Devices: Regularly review and manage linked devices connected to your WhatsApp account to ensure no unauthorized access.

Why This Alert Is Serious

WhatsApp is the most widely used messaging app in India, with over 400 million active users. A vulnerability of this scale poses a massive risk not only to individual privacy but also to businesses that rely on WhatsApp for customer communication and transactions.

Security experts have warned that cybercriminals are increasingly exploiting combined flaws in apps and operating systems to launch more powerful attacks. The recent discovery highlights the growing sophistication of cyber threats and underlines the importance of timely updates.

Final Advice

CERT-In has stressed that prevention is the best defense. By updating WhatsApp to the latest version and following safe online practices, users can significantly reduce their risk of falling victim to cyberattacks.

As cybercriminals continue to find new ways to exploit vulnerabilities, staying alert and proactive is key. Every WhatsApp user—whether for personal or business use—should immediately update the app and remain cautious of suspicious activities.