KEVIntel
CVSS 3.5 Low

CVE-2025-30259

PUBLISHED

Exploited in the wild · Remote · No user interaction

Vendor: Meta
Product: WhatsApp cloud service
Published: Mar 19, 2025
EPSS

Description

The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL.

android

CVSS scores

CVSS v3.1 3.5 Low

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2025-03-19 00:00:00 UTC · Source

SSVC decision points

Exploitation: none
Automatable: No
Technical impact: partial

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE Mar 19, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel