A security advisory from Facebook details a spoofing vulnerability in WhatsApp for Windows, highlighting a potential risk where malicious actors could trick users into executing arbitrary code. The vulnerability, tracked as CVE-2025-30401, stems from how the application handles file attachments.
The advisory explains that "a spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment's filename extension." This discrepancy could be exploited by a malicious attacker.
Here's how the attack could work: A cybercriminal could craft a file that has a misleading combination of MIME type and filename extension. For example, a file might be displayed as an image (MIME type) within WhatsApp, but have an executable extension (.exe). The affected versions of WhatsApp for Windows are:
affected: from 0.0.0 before 2.2450.6

The advisory indicates that the default status is "unaffected," but clarifies that versions from 0.0.0 up to, but not including, 2.2450.6 are vulnerable.
The primary mitigation for this vulnerability is to update WhatsApp for Windows to version 2.2450.6 or later. This update addresses the spoofing issue and ensures that attachments are handled securely.
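To make the root cause concrete, the following added example (constructed for this article, not WhatsApp's code) models the two decision paths the advisory describes: the display category is taken from the sender-declared MIME type, while the opener is chosen from the filename extension. A hardened variant refuses executable extensions and blocks any attachment whose declared MIME type does not agree with its extension. The lookup tables and handler names are illustrative assumptions.

```python
"""Model of the MIME-type / extension mismatch behind CVE-2025-30401.

Constructed example: the tables below are illustrative, not the real
handler registry of WhatsApp for Windows.
"""
from dataclasses import dataclass

# Assumed mapping from declared MIME type to what the chat UI renders.
MIME_CATEGORY = {"image/png": "image", "image/jpeg": "image",
                 "application/pdf": "document"}
# Assumed mapping from filename extension to the program that opens it.
EXT_HANDLER = {".png": "image-viewer", ".jpg": "image-viewer",
               ".pdf": "pdf-viewer", ".exe": "shell-execute",
               ".bat": "shell-execute", ".js": "script-host"}
# Extensions that must never be handed to a launcher from a chat attachment.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".js", ".scr", ".ps1"}
# Extensions that legitimately belong to each rendered category.
CATEGORY_EXTS = {"image": {".png", ".jpg"}, "document": {".pdf"}}


@dataclass(frozen=True)
class Attachment:
    filename: str   # attacker-controlled
    mime_type: str  # declared by the sender, also attacker-controlled


def extension(name: str) -> str:
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""


def vulnerable_open(att: Attachment) -> tuple[str, str]:
    """Pre-2.2450.6 behaviour as described in the advisory (modelled):
    the UI shows the attachment by MIME type, but the opener is picked
    purely from the extension, so the two can disagree."""
    shown_as = MIME_CATEGORY.get(att.mime_type, "file")
    handler = EXT_HANDLER.get(extension(att.filename), "unknown")
    return shown_as, handler


def hardened_open(att: Attachment) -> tuple[str, str]:
    """Hardened variant: refuse executable extensions outright and block
    any attachment whose rendered category does not match its extension,
    so what the user sees is what will actually be opened."""
    ext = extension(att.filename)
    if ext in EXECUTABLE_EXTS:
        return "blocked", "none"
    shown_as = MIME_CATEGORY.get(att.mime_type, "file")
    if ext not in CATEGORY_EXTS.get(shown_as, set()):
        return "blocked", "none"  # displayed type and extension disagree
    return shown_as, EXT_HANDLER.get(ext, "unknown")
```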
This type of spoofing vulnerability can be particularly dangerous because it relies on user trust. Users generally trust that applications will handle files in a safe and predictable manner. By exploiting this trust, attackers can potentially bypass security measures and gain unauthorized access to systems.
Users of WhatsApp for Windows are strongly encouraged to update their applications immediately to protect themselves from this vulnerability.