WhatsApp Flaw Exposes Users to Malicious Attacks

By Kirsten Doyle, April 9, 2025

A critical vulnerability in WhatsApp for Windows, tracked as CVE-2025-30401, allowed malicious actors to execute malicious code via seemingly harmless file attachments.  

This flaw affected all versions of WhatsApp Desktop prior to 2.2450.6. 

WhatsApp said the vulnerability stemmed from a mismatch in how WhatsApp handled file attachments: it displayed files based on their MIME type (such as an image) but opened them based on their filename extension (for instance, .exe).

This discrepancy allowed attackers to craft files that appeared safe but executed malicious code when opened within WhatsApp. 
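The mismatch described above comes down to two code paths trusting different metadata about the same file. As an added example (not WhatsApp's code and not taken from Meta's advisory), this Python check refuses to open an attachment unless the declared MIME type, the filename extension and the leading bytes all agree; the policy tables and function names are assumptions made for illustration.

```python
import os

# Constructed policy tables for illustration; a real client would carry fuller lists.
MIME_EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
}
MAGIC = {
    "image/jpeg": b"\xff\xd8\xff",
    "image/png": b"\x89PNG\r\n\x1a\n",
    "application/pdf": b"%PDF-",
}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd",
                         ".msi", ".js", ".vbs", ".ps1", ".lnk"}


def effective_extension(filename: str) -> str:
    """Extension the Windows shell would act on: the last suffix, lower-cased,
    after the trailing dots and spaces that Windows drops from file names."""
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return os.path.splitext(name)[1].lower()


def check_attachment(filename: str, declared_mime: str, data: bytes) -> list[str]:
    """Return the reasons to refuse opening. An empty list means the type shown
    to the user, the extension and the content all agree."""
    reasons = []
    ext = effective_extension(filename)
    mime = declared_mime.split(";")[0].strip().lower()
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"extension {ext} is executable")
    allowed = MIME_EXTENSIONS.get(mime)
    if allowed is None:
        reasons.append(f"MIME type {mime} is not on the allowlist")
    else:
        if ext not in allowed:
            reasons.append(f"extension {ext or '(none)'} does not match {mime}")
        if not data.startswith(MAGIC[mime]):
            reasons.append(f"content does not start with the {mime} signature")
    return reasons
```

The point of the design is that the preview path and the open path consult the same verdict, so a file cannot be shown as one type and launched as another.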

Meta explained in its official advisory, “A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.” Exploiting this required user interaction, such as manually opening a rigged attachment, making targeted attacks more likely. 

The vulnerability has since been patched and users are strongly urged to update their applications immediately to mitigate risks. This incident underscores the importance of caution with file attachments and regular software updates to protect against evolving threats. 

A Bad Few Weeks for WhatsApp Users  

“It’s been a bad few weeks in the news for WhatsApp users, at the end of last week we heard that last year one in five scams in the UK happened on WhatsApp, with WhatsApp scams up by 67% in the second half of last year,” said Adam Pilton, Senior Cybersecurity Consultant at CyberSmart. “In addition to this we heard that the platform where most scams occurred in 2024 were Meta platforms, the likes of Facebook, Instagram and of course WhatsApp.” 

Pilton said it’s essential to highlight that this WhatsApp vulnerability impacts Windows desktop users. “Most people will be part of a WhatsApp group where it is common for images to be shared and this is where this vulnerability becomes dangerous, because if a cybercriminal was able to share this image either in your group or with someone you trust who then goes on to share it in your group, anybody in that group could unknowingly execute the malicious code associated with the shared image.”  

On the plus side, the solution is at hand and simple: apply the update to WhatsApp, added Pilton. “Cyber criminals will continue to exploit vulnerabilities within the software we use and the software providers will continue to provide updates or patches that protect us against the attacks that cyber criminals use. This is why vulnerability management AKA applying the updates that software providers issue, is so important!”

A Nasty Vulnerability  

Adam Brown, managing security consultant at Black Duck, said: “This is a particularly nasty vulnerability for the everyday user. Due to a failing in WhatsApp, a malicious program can easily be disguised as an attached image file. When the user clicks such an attachment in WhatsApp Web for Windows, the program executes on their Windows machine. A malicious attachment could be used for data theft, running malware or spreading it, account and identity theft, or anything a nefarious actor chooses.”

Brown said everyone must be careful when clicking on attachments, even if they come from people they know, and Windows users of the app should be particularly vigilant. “Windows WhatsApp users should upgrade to version 2.2450.6 or later when the issue is fixed. To avoid such bugs, engineers should keep threat models up to date and, especially in this case, engage coding standards and code review, both automated and manual, to protect their bottom line by building trust in their software.” 

A High Level of Trust 

“Because WhatsApp is so entrenched with our communication and working habits, we have developed automatisms, a high level of trust, and a dependency that attackers love to exploit as is happening with this vulnerability in the Windows client,” added Dr Martin Kraemer, Security Awareness Advocate at KnowBe4. “The vulnerability must not be taken lightly and users should update their software to the newest version now.

“A general word of caution: While we love to share videos and pictures through the platform, be extremely careful when opening attachments or files. Think of WhatsApp the same way as email. You would not want to open an unexpected email attachment, especially not from someone you do not know. You also would not want to forward attachments that pose risks to friends or family. If in doubt, delete the message and file.”

Pilton recently posted on LinkedIn regarding the cyber issues that WhatsApp has been facing, which you can find here.
