WhatsApp Flaw Can Let Attackers Run Malicious Code on Windows PCs

Summary:
Meta has recently warned Windows users of WhatsApp to update the messaging app to the latest version (2.2450.6) to patch a security vulnerability tracked as CVE-2025-30401. The vulnerability, categorized as a spoofing issue, could allow attackers to execute malicious code on devices by sending specially crafted files with manipulated file types to unsuspecting users. WhatsApp's advisory explained that the vulnerability impacted all previous versions of the app. It was discovered by an external researcher who reported it via Meta's Bug Bounty program. While Meta has not confirmed whether the vulnerability was exploited in the wild, the company emphasized that the flaw has now been resolved with the latest release.


The vulnerability arises from the way WhatsApp for Windows handled attachments in versions prior to 2.2450.6. WhatsApp displayed attachments according to their MIME type but selected the file-opening handler based on the file's extension. Because of this mismatch, an attacker could craft a file that appeared to be one type of attachment but, when the recipient manually opened it within WhatsApp, was executed as code instead of simply being displayed. The flaw posed a serious risk because it could lead to the execution of malicious scripts or software without the user's knowledge.
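
The mismatch described above can be checked for on the receiving side. The following Python sketch is an added example, not WhatsApp's code or part of the original article: it compares the MIME type an attachment is displayed under with the extension Windows would use to pick a handler. The type table, extension list, function names and sample attachments are constructed for illustration.

```python
# Constructed allow-list: MIME type shown to the user -> extensions a viewer
# for that type would expect. An assumption for this example only.
MIME_TO_EXTS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "video/mp4": {".mp4"},
    "text/plain": {".txt"},
}

# Extensions that a Windows file association passes to a loader or an
# interpreter (when one is installed). Illustrative, not exhaustive.
EXECUTABLE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".com", ".msi",
                   ".ps1", ".vbs", ".js", ".hta", ".py", ".php"}


def effective_extension(filename: str) -> str:
    """Return the last suffix, lowercased: the part handler selection keys on."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].strip()
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def classify(declared_mime: str, filename: str) -> str:
    """Compare what the user is shown (MIME type) with what will open the file."""
    mime = declared_mime.split(";", 1)[0].strip().lower()  # drop parameters
    ext = effective_extension(filename)
    expected = MIME_TO_EXTS.get(mime)
    if expected is None:
        return "unknown-mime"      # no basis for comparison; review separately
    if ext in expected:
        return "consistent"        # display type and handler agree
    # Display type and handler disagree: the condition behind CVE-2025-30401.
    return "block" if ext in EXECUTABLE_EXTS else "mismatch"


# Constructed attachment metadata: (declared MIME type, filename).
SAMPLES = [
    ("image/jpeg", "holiday.jpg"),
    ("IMAGE/JPEG; name=x", "holiday.JPEG"),
    ("image/jpeg", "photo.exe"),
    ("application/pdf", "report.txt"),
    ("application/x-custom", "data.bin"),
]

if __name__ == "__main__":
    for mime, name in SAMPLES:
        print(f"{classify(mime, name):13} {mime:22} {name}")
```
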

Security Officer Comments:
WhatsApp has faced security challenges on Windows devices in the past. In July 2024, WhatsApp addressed a similar issue that allowed Python and PHP file attachments to be executed automatically when recipients opened them, provided the devices had Python installed. Such vulnerabilities in WhatsApp’s Windows version have made the app a frequent target for various types of cyberattacks, particularly spyware attacks.

WhatsApp has also been the target of other major security issues, including the exploitation of a zero-click, zero-day vulnerability, which was used to install Paragon’s Graphite spyware. This vulnerability was reported by security researchers from the University of Toronto’s Citizen Lab and was found to affect users without any interaction required from the victim. In response, WhatsApp took quick action to mitigate the issue server-side, preventing further exploitation. The company chose not to assign a CVE ID to this particular flaw, citing its internal policies and a review of the CVE guidelines from MITRE. After resolving the issue, WhatsApp alerted approximately 90 Android users across multiple countries, including journalists and activists who were specifically targeted by this spyware.


Suggested Corrections:
To mitigate the CVE-2025-30401 vulnerability in WhatsApp for Windows, users should immediately update to version 2.2450.6 or later. This update fixes the spoofing issue by ensuring that attachments are handled correctly based on their MIME type and file extension.


Link(s):
https://www.bleepingcomputer.com/ne...-attackers-run-malicious-code-on-windows-pcs/