Meta has issued a strong advisory for all WhatsApp users on Windows to immediately update their apps, following the discovery of a critical vulnerability that could allow attackers to execute malicious code on target devices.
The flaw, identified as CVE-2025-30401, is a spoofing vulnerability that could be triggered by sending maliciously crafted attachments with mismatched file types. This issue stems from WhatsApp’s handling of attachments — while the app displayed files based on their MIME type, it executed them based on the file extension. This subtle mismatch could trick users into unknowingly running harmful files.
Meta's official advisory states that a maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code, rather than view the attachment, when manually opening it inside WhatsApp.
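The root cause described above is two code paths trusting two different signals (MIME type for display, file extension for execution). The following is an added illustration, not WhatsApp's or Meta's code, of the defensive pattern that closes that gap: derive one canonical type, require the declared MIME type and the extension to agree, and refuse executable extensions outright. The extension lists and MIME table are constructed for the example.

```python
import os
from dataclasses import dataclass

# Extensions Windows hands to a program loader or script host when "opened".
# Constructed illustrative list for this example; a real policy would be broader.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".msi", ".ps1",
                         ".vbs", ".js", ".jse", ".wsf", ".hta", ".py", ".php"}

# MIME type expected for each extension this example knows about (constructed).
EXPECTED_MIME = {
    ".pdf": "application/pdf", ".png": "image/png", ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg", ".gif": "image/gif", ".txt": "text/plain",
    ".mp4": "video/mp4",
}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def normalize_mime(mime: str) -> str:
    """Drop parameters such as '; charset=utf-8' and case differences."""
    return mime.split(";", 1)[0].strip().lower()


def check_attachment(filename: str, declared_mime: str) -> Verdict:
    """Decide from ONE canonical type whether an attachment may be opened.

    The extension is what the OS acts on, so it is authoritative here, and the
    sender-declared MIME type must agree with it instead of being trusted alone.
    """
    # Windows ignores trailing dots and spaces in names, so strip them first.
    cleaned = filename.strip().rstrip(". ")
    # The last extension wins: "invoice.pdf.exe" is an .exe, not a .pdf.
    ext = os.path.splitext(cleaned)[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        return Verdict(False, f"executable extension {ext!r} is never opened from chat")
    expected = EXPECTED_MIME.get(ext)
    if expected is None:
        return Verdict(False, f"unknown extension {ext!r}; refuse rather than guess")
    declared = normalize_mime(declared_mime)
    if declared != expected:
        return Verdict(False, f"declared {declared!r} but {ext!r} implies {expected!r}")
    return Verdict(True, f"{ext!r} and {declared!r} agree")
```

Any attachment that fails the check should be treated as a file to save and scan, never as something to render or launch.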
The vulnerability has been addressed in the latest WhatsApp version 2.2450.6, and users are strongly recommended to update to this version without delay.
The security flaw was responsibly disclosed via Meta’s Bug Bounty program by an external researcher. While Meta has not confirmed any in-the-wild exploitation of the bug, the potential impact makes the flaw particularly alarming.

This isn’t WhatsApp’s first brush with such critical vulnerabilities. In July 2024, the platform fixed a similar issue where Python and PHP files could be executed silently when opened on Windows systems with Python installed.
More recently, WhatsApp was targeted in a sophisticated zero-click attack that leveraged a zero-day vulnerability to install Paragon’s Graphite spyware on devices — without any user interaction. Although no client-side update was required, Meta took swift server-side action and notified nearly 90 Android users across 25+ countries, including journalists and activists.
In a related legal development, a U.S. federal judge ruled last December that the Israeli spyware firm NSO Group unlawfully exploited WhatsApp zero-day vulnerabilities to deploy Pegasus spyware on over 1,400 devices, breaching U.S. cybercrime laws. Court filings revealed how NSO reverse-engineered WhatsApp to deliver stealth spyware-laced messages.
Given WhatsApp’s high-profile user base and history of being a prime target for spyware and surveillance, keeping the app updated is not just a good practice—it’s essential. If you’re on Windows, ensure you’re running version 2.2450.6 or later to stay protected.
