## https://sploitus.com/exploit?id=D8FACA64-1110-588B-842D-21E7EB2DC638
# Zero-Click, Old Tricks
Anatomy of the 2025 WhatsAppβImageIO zero-click exploit chain
(CVE-2025-55177 + CVE-2025-43300). Research paper plus an
interactive web companion with CVE walkthroughs, patch diffs,
and hands-on heap/stack labs.
**Live site:**
**Paper (PDF):** [`zero-click-old-tricks.pdf`](zero-click-old-tricks.pdf)
**Slides:** [`prezentareMCS_final.pptx`](prezentareMCS_final.pptx)
## Team
- **Θtefan-Daniel Wagner** β co-author
- **Dan-Gabriel Oltean** β co-author
- **Victor-Nicolae Matveev** β co-author
- **Emil Simion** β coordinator
Facultatea de ΘtiinΘe Aplicate, UNSTPB Β·
Master's research project, *Metodologia CercetΔrii ΘtiinΘifice*, 2025β2026.
## Screenshots
## Project layout
```
.
βββ zero-click-old-tricks.pdf final paper (CC BY 4.0)
βββ prezentareMCS_final.pptx slide deck (CC BY 4.0)
βββ web/ Flask companion site (MIT)
β βββ app.py
β βββ requirements.txt
β βββ templates/
β βββ static/
β βββ css/
β βββ js/
β βββ sections/ pre-rendered paper sections
β βββ figures/ TikZ SVGs
β βββ downloads/ PDF + slides served by the site
βββ resources/ bibliography (open-access local copies + links)
β βββ README.md full reference list with sources
βββ docs/screenshots/ screenshots used in this README
```
## Run the web companion locally
Requires Python 3.12+.
```bash
cd web
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -r requirements.txt
python app.py
```
Open . The site is fully static-backed β
paper sections, figures, and downloadables are pre-built.
## License
Dual-licensed:
- **Code** (everything under `web/`) β [MIT](LICENSE)
- **Paper content** (`zero-click-old-tricks.pdf`, `prezentareMCS_final.pptx`,
derived rendered sections under `web/static/sections/` and figures under
`web/static/figures/`) β [CC BY 4.0](LICENSE-PAPER)