A critical vulnerability in WhatsApp for Windows, tracked as CVE-2025-30401, allows attackers to execute malicious code on affected devices. This flaw, discovered and reported by an external researcher via Meta’s Bug Bounty program, impacts all versions of WhatsApp for Windows prior to 2.2450.6.
The vulnerability is categorized as a spoofing issue. Attackers exploit it by sending specially crafted files with manipulated file extensions. This mismatch tricks the WhatsApp application into using the wrong file handler, leading to unintended code execution instead of simply viewing the attachment.
“A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension,” WhatsApp explained in a security advisory.
“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.”
Meta has confirmed that the vulnerability has been addressed in WhatsApp version 2.2450.6 and later. The company has not yet disclosed whether CVE-2025-30401 was exploited in real-world attacks.
This incident follows similar past vulnerabilities. In July 2024, WhatsApp patched a related issue allowing the execution of Python and PHP attachments without warning on Windows devices with those interpreters installed. Furthermore, a zero-click, zero-day vulnerability exploited to install Paragon’s Graphite spyware was addressed late last year. This attack was mitigated server-side, with WhatsApp alerting approximately 90 Android users about the threat.
The company’s proactive approach to security is evident in its swift response to these vulnerabilities. However, enterprises should prioritize updating their WhatsApp for Windows installations to the latest version (2.2450.6 or later) to mitigate this risk. Regular software updates and robust security practices remain crucial in protecting against such threats.
