A vulnerability in WhatsApp for Windows (before version 2.2450.6) puts Windows computers at risk. The vulnerability could allow attackers to execute malicious code via WhatsApp message attachments on Windows.
WhatsApp vulnerability CVE-2025-30401
The vulnerability CVE-2025-30401 relates to a spoofing issue in WhatsApp for Windows prior to version 2.2450.6. These old versions display attachments in WhatsApp messages according to their MIME type. However, the file open handler is selected based on the file name extension of the attachment. Because of this mismatch, a malicious attachment could cause the recipient to inadvertently execute arbitrary code, rather than view the attachment, when manually opening it in WhatsApp. There is no evidence of exploitation in the wild.
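The mismatch described above can be checked for on the receiving side, for example in a mail or chat gateway that sees both the declared MIME type and the file name. The following is an added example, not code from WhatsApp or from the advisory; the function names, the verdict strings and the `RISKY_EXTS` list are assumptions made for illustration.

```python
import mimetypes
from pathlib import PureWindowsPath

# Assumption: a non-exhaustive list of extensions that Windows passes to a
# loader or script host instead of a viewer. Extend it to match local policy.
RISKY_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".ps1",
              ".vbs", ".js", ".msi", ".lnk", ".hta"}

# A private MimeTypes instance uses only Python's built-in table, so the
# result does not depend on MIME databases installed on the host.
_DB = mimetypes.MimeTypes()


def extension_of(filename: str) -> str:
    """Return the last extension, which is what the open handler keys on."""
    return PureWindowsPath(filename).suffix.lower()


def check_attachment(declared_mime: str, filename: str) -> str:
    """Compare the type used for display with the type implied by the name.

    Returns "ok"    when both agree,
            "warn"  when they disagree but the extension is not executable,
            "block" when a non-matching MIME type fronts an executable name.
    """
    declared = declared_mime.split(";")[0].strip().lower()
    ext = extension_of(filename)
    expected = _DB.guess_type("x" + ext)[0] if ext else None

    if declared == expected:
        return "ok"
    if ext in RISKY_EXTS:
        return "block"
    return "warn"


if __name__ == "__main__":
    # Constructed sample attachments: (declared MIME type, file name)
    samples = [
        ("image/jpeg", "holiday.jpg"),
        ("image/jpeg", "holiday.jpg.exe"),
        ("image/png", "scan.pdf"),
        ("image/jpeg", "holiday"),
    ]
    for mime, name in samples:
        print(f"{check_attachment(mime, name):5}  {mime:12}  {name}")
```
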
A few days ago, our colleagues at Bleeping Computer compiled some more information in the article WhatsApp flaw can let attackers run malicious code on Windows PCs. In this security advisory, Meta warns Windows users about the vulnerability and advises them to urgently update the WhatsApp messaging app for Windows to the latest version.