CVE-2025-30259

3.5 LOW
Published: March 20, 2025 Modified: April 15, 2026
View on NVD

Description

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
Source: cve@mitre.org
https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/
Source: cve@mitre.org

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.5 / 10.0
EPSS (Exploit Probability)
0.1%
30th percentile
Exploitation Status
Not in CISA KEV