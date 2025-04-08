If you are using WhatsApp for Windows, then you need to be cautious. Meta has warned that a security vulnerability could trick unwary users into downloading and installing malware. The vulnerability, a spoofing one, tracked under ID CVE-2025-30401, allows threat actors and cyberattackers to disguise harmful malicious code in the form of harmless attachment files.

Normally, if you receive an attachment, WhatsApp identifies it by its MIME (Multipurpose Internet Mail Extensions) type (for example, a file could be identified as an image, document, or video based on its actual content). However, when you manually open the attachment, WhatsApp uses the file's extension, like .jpg or .exe, to decide how to handle it.

The issue arises if the attachment is crafted with a deliberate mismatch by a threat actor. For example, the MIME type might suggest it's an image (so WhatsApp shows it as an image), but the file extension might actually indicate it’s a program (like .exe).

If the recipient manually opens the attachment, expecting to view a harmless image, the system might instead execute the hidden program. This could allow the attacker’s code to run on the victim's device without their knowledge, potentially causing harm like stealing data, installing malware, or hijacking the system.

Meta, in its security advisory, explains (link1, link2):

CVE-2025-30401 Description: A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. Affected Version Information: WhatsApp Desktop for Windows (Facebook) Default Status: unaffected affected from 0.0.0 before 2.2450.6



Thus, users are advised to download and install version 2.2450.6 or newer of WhatsApp for Windows. You can get it from the WhatsApp official website or the Microsoft Store.