WhatsApp Business

27 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-55179
>= 2.25.8.14 and < 2.25.23.82
Incomplete validation of rich response messages in WhatsApp for iOS prior to v2.25.23.73, WhatsApp Business for iOS v2.25.23.82, a
5.4 MEDIUM
CVE-2025-55177
>= 2.22.25.2 and < 2.25.21.78
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for
5.4 MEDIUM
CVE-2022-36934
< 2.22.16.12
An integer overflow in WhatsApp could result in remote code execution in an established video call.
9.8 CRITICAL
CVE-2021-24043
all versions
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2
9.1 CRITICAL
CVE-2021-24041
< 2.21.22.7
A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.
9.8 CRITICAL
CVE-2021-24035
< 2.21.8.13
A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v
9.1 CRITICAL
CVE-2021-24027
< 2.21.4.18
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed
7.5 HIGH
CVE-2021-24026
< 2.21.3
A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Bu
9.8 CRITICAL
CVE-2020-1910
< 2.21.1.13
A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and WhatsApp Business for Android prior to v2.21.1.13 could hav
7.8 HIGH
CVE-2020-1909
< 2.20.111
A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 coul
9.8 CRITICAL
CVE-2020-1908
< 2.20.100
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitte
4.6 MEDIUM
CVE-2020-1907
< 2.20.196.12
A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for
9.8 CRITICAL
CVE-2020-1906
< 2.20.46
A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowe
7.8 HIGH
CVE-2020-1904
< 2.20.61
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed f
5.5 MEDIUM
CVE-2020-1903
< 2.20.61
An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior t
5.5 MEDIUM
CVE-2020-1902
>= 2.20.35 and <= 2.20.49
A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Busine
7.5 HIGH
CVE-2020-1894
< 2.20.20
A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iP
8.8 HIGH
CVE-2020-1891
< 2.20.7
A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v
9.8 CRITICAL
CVE-2020-1890
< 2.20.2
A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have cau
7.5 HIGH
CVE-2020-1886
< 2.20.2
A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed
8.8 HIGH
CVE-2019-11931
< 2.19.104
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue
7.8 HIGH
CVE-2018-6350
< 2.18.276
An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for
9.8 CRITICAL
CVE-2018-6349
< 2.18.132
When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-ba
9.8 CRITICAL
CVE-2018-6339
>= 2.18.103 and < 2.18.150
When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed
9.8 CRITICAL
CVE-2018-20655
< 2.18.90.24
When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based
9.8 CRITICAL
CVE-2019-3568
< 2.19.44
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets
9.8 CRITICAL
CVE-2019-3566
>= 2.19.22 and <= 2.19.38
A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over a WhatsApp
5.9 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin