WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)

WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code.

Meta classifies the vulnerability as a spoofing issue that makes all WhatsApp for Windows versions prior to v2.2450.6 display sent attachments according to their MIME (media) type – i.e., the metadata that says what kind of file it is: audio, image, message, text, application, etc. – but selects the file opening handler based on the attachment’s filename extension.

“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” Meta says.

For example, a malicious sender may make the attachment look like an innocuous image file while actually being a malicious script or executable.

CVE-2025-30401 was reported by an external researcher via Meta’s bug bounty program and there’s no mention of it being exploited.

A vulnerability like this could be a boon for malware and spyware peddlers, though the latter have an obvious preference for zero-click exploits, i.e., they prefer to exploit so called “zero-click” vulnerabilities, which require no action on the user’s part to work.

Users are advised to update WhatsApp for Windows to the latest available version as soon as possible.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!