{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T00:22:16.182","vulnerabilities":[{"cve":{"id":"CVE-2025-30259","sourceIdentifier":"cve@mitre.org","published":"2025-03-20T00:15:13.780","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"cve@mitre.org","tags":["exclusively-hosted-service"]}],"descriptions":[{"lang":"en","value":"The WhatsApp cloud service before late 2024 did not block certain crafted PDF content that can defeat a sandbox protection mechanism and consequently allow remote access to messaging applications by third parties, as exploited in the wild in 2024 for installation of Android malware associated with BIGPRETZEL."},{"lang":"es","value":"Antes de finales de 2024, el servicio en la nube WhatsApp no bloqueaba determinados contenidos PDF manipulados que pueden vencer un mecanismo de protección de la sandbox y, en consecuencia, permitir el acceso remoto a aplicaciones de mensajería por parte de terceros, como se explotó en 2024 para la instalación de malware de Android asociado con BIGPRETZEL."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"references":[{"url":"https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/","source":"cve@mitre.org"},{"url":"https://www.bleepingcomputer.com/news/security/whatsapp-patched-zero-day-flaw-used-in-paragon-spyware-attacks/","source":"cve@mitre.org"}]}}]}