CVE-2025-30259: The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and...

3.5 CVSS

Description

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.

Known Exploited

🚨 Marked as known exploited on March 20th, 2025 (about 1 month ago).

Classification

CVE ID: CVE-2025-30259

CVSS Base Severity: LOW

CVSS Base Score: 3.5

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Problem Types

CWE-noinfo: Insufficient information

Affected Products

Vendor: Meta

Product: WhatsApp cloud service

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.03% (probability of being exploited)

EPSS Percentile: 6.16% (scored less or equal to compared to others)

EPSS Date: 2025-04-17 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30259
https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/

Timeline

2025-03-20 00:40:11 UTC
CVE

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and...
2025-03-20 00:42:41 UTC
🚨 Marked as Known Exploited