CVE-2025-30259

Sažetak

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.

Reference

https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/

CVSS

Base:	3.5
Impact:	1.4
Exploitability:	1.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Zadnje važnije ažuriranje

20-03-2025 - 00:15

Objavljeno

20-03-2025 - 00:15