WhatsApp for Windows: spoofing issue in WhatsApp Desktop for Windows (CVE-2025-30401)

Summary

Meta has released an urgent security update for WhatsApp Desktop for Windows to address CVE-2025-30401, a spoofing vulnerability that could trick users into executing malicious code when opening an attachment. This flaw affects all versions prior to 2.2450.6 and, while no in-the-wild exploitation has been observed, it poses a significant risk to user security.

Product details

The affected product is WhatsApp Desktop for Windows, maintained by Facebook (Meta). Versions earlier than 2.2450.6 are vulnerable. WhatsApp Desktop is widely used by individuals and organizations for encrypted messaging and file sharing, making timely patching critical for a large user base.

Vulnerability type summary

CVE-2025-30401 is classified under CWE-430: Improper Neutralization of Control or Redirect for Files and Caching. It’s a spoofing weakness where an attacker can manipulate MIME type and file extension mismatches to alter the behavior of file-opening handlers.

Details of the vulnerability

WhatsApp Desktop displays attachments according to their MIME type but selects the file-opening application based on the file’s extension. An attacker could craft a file with a benign MIME type (for example, an image) while giving it the filename extension of a dangerous executable. When the recipient views the attachment, it appears safe, but if they manually open it within WhatsApp, the system launches the handler for the executable extension, potentially running arbitrary code on the victim’s machine. No evidence of this being exploited in the wild has been reported, but the risk remains high.
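The mismatch described above can be checked on the defensive side by comparing the declared MIME type with the extension that Windows will actually act on. The following is an added example, not WhatsApp or Meta code; the policy tables, the function name `check_attachment` and the sample attachments are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Constructed, non-exhaustive policy tables (assumptions for this example).
EXPECTED_EXT = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "text/plain": {".txt"},
}
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi",
                  ".js", ".vbs", ".ps1", ".hta", ".lnk", ".pif"}


def check_attachment(filename, declared_mime):
    """Return (verdict, extension) for one attachment.

    verdict is "block" when the extension maps to an execution handler,
    "mismatch" when it disagrees with the declared MIME type, else "ok".
    """
    # Windows drops trailing dots and spaces when it resolves a file name,
    # so normalise first or "x.scr. " would appear to have no extension.
    name = filename.rstrip(". ")
    ext = PureWindowsPath(name).suffix.lower()  # last extension only
    mime = declared_mime.split(";", 1)[0].strip().lower()

    if ext in EXECUTABLE_EXT:
        return "block", ext
    if ext not in EXPECTED_EXT.get(mime, set()):
        return "mismatch", ext
    return "ok", ext


# Constructed sample attachments: (filename, MIME type declared by the sender).
SAMPLES = [
    ("holiday.jpg", "image/jpeg"),
    ("holiday.jpg.exe", "image/jpeg"),
    ("report.PDF", "application/pdf; name=report"),
    ("notes.txt", "image/png"),
    ("photo.scr. ", "image/png"),
    ("photo", "image/png"),
]

if __name__ == "__main__":
    for filename, mime in SAMPLES:
        verdict, ext = check_attachment(filename, mime)
        print(f"{verdict:8} ext={ext or '-':6} mime={mime:28} {filename!r}")
```

The decision is made on the last extension after Windows-style normalisation, because that is what the file-opening handler is selected from; the declared MIME type is only used to confirm that the two agree.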

Conclusion

All users of WhatsApp Desktop for Windows should immediately update to version 2.2450.6 or later to eliminate this spoofing vulnerability. Beyond patching, users must remain vigilant when opening attachments, verify file origins, and adhere to security best practices to prevent social engineering attacks. Staying current with software updates is the best defense against emerging threats.

CVE database technical details

CVE ID: CVE-2025-30401
Description: A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.
Provider: facebook
CWE / problem types: CWE-430
Affected software versions: Facebook WhatsApp Desktop for Windows, from version 0.0.0 up to but not including 2.2450.6 (version type: semver, status: affected)
Date published: 2025-04-05T11:47:54.836Z
Last updated: 2025-04-09T17:19:56.351Z