CVE-2025-30259

CVSS 3.5 LOWEPSS 0.2%

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Produtos afetados

Meta · WhatsApp cloud service

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/