A serious vulnerability in WhatsApp for Windows, identified as CVE-2025-30401, has been discovered, allowing malicious actors to execute harmful code via innocuous-looking file attachments. The flaw impacts all versions of WhatsApp Desktop prior to 2.2450.6. WhatsApp has acknowledged the issue, explaining that it arises from a mismatch in handling file attachments, where files are displayed based on their MIME type but opened according to their filename extension.
This discrepancy has made it possible for cybercriminals to create seemingly harmless files that execute malicious code when opened in the application. According to WhatsApp’s official advisory, “A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.” As a result, attacks exploiting this vulnerability require direct user interaction, thereby increasing the likelihood of targeted attacks.
The vulnerability has been promptly patched, and users are urged to update their applications immediately to mitigate risks. The incident highlights the critical need for vigilance with file attachments and the necessity of regular software updates to defend against ever-evolving cyber threats.
Adam Pilton, a Senior Cybersecurity Consultant at CyberSmart, remarked on the importance of this flaw, particularly given the recent rise in scams via WhatsApp, where a report indicated that one in five scams in the UK last year occurred on the platform. Pilton emphasized that while the simple solution is to apply the update, users must remain cautious about the files shared within their networks.
Experts underscore the necessity of education regarding secure practices, with Adam Brown, managing security consultant at Black Duck, noting the prevalent dangers of opening attachments without vigilant scrutiny. The rising dependence on WhatsApp for communication only serves to amplify these risks, particularly for Windows users of the app.