A critical vulnerability in WhatsApp for Windows could allow attackers to execute malicious code through seemingly innocent file attachments.

The spoofing vulnerability, officially tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6 and poses a significant risk to users who interact with attachments sent through the platform.

The spoofing issue stems from a fundamental flaw in how WhatsApp for Windows processes file attachments. 

According to the official security advisory, the application “displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension.” 

This discrepancy created a dangerous loophole that malicious actors could exploit.

When a user receives an attachment in WhatsApp, the application shows the file type based on its MIME type (e.g., displaying it as an image), while the operating system decides how to open the file based on its extension (e.g., .exe). 

An attacker could craft a file with a misleading combination of MIME type and filename extension, causing users to inadvertently execute arbitrary code when manually opening what appeared to be a harmless attachment.
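The check whose absence the advisory describes can be sketched as follows. This is an added example, not code from the advisory or from WhatsApp: an attachment is opened in place only when the extension that selects the handler is one expected for the displayed MIME type. The allowlist, function names and sample attachments are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed allowlist: the extensions acceptable for each type the UI would display.
EXPECTED_EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "video/mp4": {".mp4"},
    "application/pdf": {".pdf"},
}

def effective_extension(filename: str) -> str:
    """Extension the OS handler lookup would act on."""
    # Drop any path components, then trailing dots/spaces, which Windows ignores.
    name = PureWindowsPath(filename).name.rstrip(". ")
    # Only the last suffix matters: "photo.jpg.exe" is an .exe.
    return PureWindowsPath(name).suffix.lower()

def may_open(declared_mime: str, filename: str) -> tuple[bool, str]:
    """Allow in-app open only when displayed type and extension agree."""
    mime = declared_mime.split(";", 1)[0].strip().lower()
    ext = effective_extension(filename)
    allowed = EXPECTED_EXTENSIONS.get(mime)
    if allowed is None:
        return False, f"type {mime!r} is not on the allowlist"
    if ext not in allowed:
        return False, f"shown as {mime} but extension {ext or '(none)'} picks the handler"
    return True, "displayed type and handler extension agree"

# Constructed sample attachments: (declared MIME type, filename).
SAMPLES = [
    ("image/jpeg", "holiday.jpg"),
    ("image/jpeg", "holiday.jpg.exe"),
    ("Image/JPEG; name=x", "HOLIDAY.JPEG"),
    ("image/png", "scan.png.scr. "),
    ("application/pdf", "invoice"),
]

if __name__ == "__main__":
    for mime, name in SAMPLES:
        ok, reason = may_open(mime, name)
        print(f"{'OPEN ' if ok else 'BLOCK'} {name!r:22} {reason}")
```
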


WhatsApp for Windows Vulnerability

The attack vector is particularly concerning because it leverages user trust. A cybercriminal could send what appears to be a standard image file within WhatsApp, but the attachment might actually have an executable extension. 

When the recipient opens this attachment directly from within WhatsApp, instead of viewing an image, they would unknowingly execute potentially malicious code.

“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” stated the official advisory from Facebook, WhatsApp’s parent company.

The summary of the vulnerability is given below:

| Risk Factors | Details |
|---|---|
| Affected Products | WhatsApp Desktop for Windows versions from 0.0.0 up to, but not including, 2.2450.6 |
| Impact | Arbitrary code execution via spoofed file attachments |
| Exploit Prerequisites | Remote exploitation possible; requires sending malicious file attachments to the victim |
| CVSS 3.1 Score | High |

Impact & Affected Versions

The vulnerability affects all WhatsApp Desktop for Windows releases from version 0.0.0 up to but not including 2.2450.6. 

CVE-2025-30401 is rated as high severity due to the potential for remote code execution, which could lead to unauthorized system access or data theft.

Security analysts note that this vulnerability is particularly dangerous in group chat scenarios, where malicious attachments could reach multiple victims simultaneously.

This isn’t the first time messaging platforms have faced similar security challenges. In 2024, security researcher Saumyajeet Das discovered a separate vulnerability in WhatsApp for Windows that allowed the execution of Python and PHP scripts without warning when opened. 

Users of WhatsApp for Windows are strongly encouraged to update their applications immediately to version 2.2450.6 or later, which addresses the spoofing vulnerability.
