WhatsApp has encouraged users to upgrade following the resolution of a security vulnerability on the instant messaging platform.
The insect, with the appealing moniker of CVE-2025-30401 It impacts older versions of WhatsApp Desktop for Windows computers.
Experts caution that failure to update might endanger personal information.
What is the bug?
The bug renders people's computers susceptible to 'spoofing,' where cyber criminals masquerade their malicious software as an attachment containing images.
By clicking on the image, malware can infiltrate the device, enabling hackers to run code – where a script instructs the devices on their actions.
The assault, known as arbitrary code execution, employs a malicious program to create an opening in the device’s defenses, enabling criminals to pilfer passwords, disable security features, and potentially take full control of the gadget.
In the desktop edition of WhatsApp, the instant messaging application organizes attachments according to their MIME type – which is metadata indicating the file format.
However, due to the bug, WhatsApp would open the file according to its filename extension—the small tag indicating the file type, such as ‘.mp3’ for an audio file.
Or '.exe', which stands for 'executable,' refers to a series of commands for a computer. Experts warned that the concern lies with cybercriminals hiding these executable files within seemingly innocuous images to launch attacks.
The firm stated, “In versions of WhatsApp for Windows before 2.2450.6, an spoofing vulnerability showed attachments based on their MIME type; however, the system chose the method to open the file depending on the attachment’s file extension.” security advisory .
'A deliberately designed discrepancy might have led the receiver to accidentally run arbitrary code instead of viewing the attachment upon manually opening it within WhatsApp.'
This update has fixed the vulnerability, therefore users should promptly upgrade their WhatsApp for Windows to version 2.2450.6 or higher.
After completing the full update of the software, individuals' confidential information will be protected.
WhatsApp or its parent corporation Meta did not mention that the vulnerability has been leveraged in actual attack scenarios.
The vulnerability CVE-2025-30401 was brought to Meta’s bug bounty initiative by an analyst.
"Consider WhatsApp in the same vein as email," Dr. Martin Kraemer, a security awareness advocate at KnowBe4, stated. Forbes .
'You wouldn't desire to open an unforeseen email attachment, particularly one coming from an unfamiliar sender.'
'You wouldn’t want to send attachments that could be risky to your friends or family either. When unsure, it’s best to delete the message and report it.'
Contact our news team by sending an email to webnews@Massima.co.uk .
To find similar tales, check our news page .
Get the latest on all the buzzworthy stories by subscribing to Massima's News Updates newsletter.