A critical vulnerability, CVE-2025-30401, was discovered in WhatsApp Desktop for Windows, affecting versions before 2.2450.6. This flaw allows attackers to execute arbitrary code by exploiting how WhatsApp handles file attachments. The vulnerability arises from a mismatch between how the application processes the MIME type and selects the file opening handler based on the extension. This discrepancy creates a dangerous loophole that attackers can exploit, leading to potential system compromise. The flaw affects all WhatsApp Desktop versions from 0.0.0 up to but not including 2.2450.6.
The vulnerability is particularly concerning because it takes advantage of user trust.
Attackers can send files that appear to be harmless images but are actually executable files. When users open the file, WhatsApp shows it as an image, but the file is actually executed. This allows cybercriminals to run arbitrary code on the victim’s machine. The attacker’s ability to craft a file with a misleading MIME type and extension creates a subtle and effective attack vector. This type of deception could have serious consequences for the victim, including data theft or system compromise.
In group chats, the risk of this vulnerability is even greater.
A single malicious file can be sent to multiple users, amplifying the damage. WhatsApp’s version history reveals this is not the first time a serious vulnerability has been found. A 2024 flaw allowed the execution of Python and PHP scripts without warning, underscoring the persistent security risks on the platform. This latest flaw is rated as high severity, with a CVSS 3.1 score reflecting the potential for remote code execution and unauthorized system access. The impact of such an exploit could range from data theft to full control over a victim’s machine.
Users of WhatsApp for Windows are strongly advised to update to version 2.2450.6 or later immediately. The update addresses the spoofing vulnerability and eliminates the risk of malicious code execution from disguised file attachments. Security professionals stress the importance of patching this vulnerability quickly to protect against potential attacks. Given the growing sophistication of cyberattacks, users must act promptly to secure their devices. Regular updates and security patches are essential to keeping systems safe from evolving threats like this.
