WhatsApp attachment flaw could trick Windows users into downloading and installing malware

If you use WhatsApp for Windows, be cautious. Meta has warned that a security vulnerability could trick unwary users into downloading and installing malware. The spoofing vulnerability, tracked as CVE-2025-30401, allows threat actors to disguise malicious code as harmless attachment files.

Normally, if you receive an attachment, WhatsApp identifies it by its MIME (Multipurpose Internet Mail Extensions) type (for example, a file could be identified as an image, document, or video based on its actual content). However, when you manually open the attachment, WhatsApp uses the file's extension, like .jpg or .exe, to decide how to handle it.

The issue arises if the attachment is crafted with a deliberate mismatch by a threat actor. For example, the MIME type might suggest it's an image (so WhatsApp shows it as an image), but the file extension might actually indicate it’s a program (like .exe).

If the recipient manually opens the attachment, expecting to view a harmless image, the system might instead execute the hidden program. This could allow the attacker’s code to run on the victim's device without their knowledge, potentially causing harm like stealing data, installing malware, or hijacking the system.
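A mail gateway, chat client or triage script can catch this kind of mismatch by comparing the declared MIME type with the extension Windows will actually act on. The following is an added example, not code from WhatsApp or Meta; the function names, verdict strings and both lookup tables are constructed for illustration.

```python
import os

# Constructed lookup tables (assumptions for this example, deliberately short).
EXPECTED_EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "video/mp4": {".mp4"},
    "application/pdf": {".pdf"},
}
# Extensions Windows passes to a loader or script host instead of a viewer.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".bat", ".cmd", ".msi", ".js", ".vbs", ".ps1", ".lnk",
}


def effective_extension(filename: str) -> str:
    """Return the extension the OS acts on: the last suffix, lower-cased,
    after dropping the trailing dots and spaces that Windows ignores."""
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return os.path.splitext(name)[1].lower()


def check_attachment(declared_mime: str, filename: str) -> str:
    """Return 'ok', 'mismatch', 'executable-mismatch' or 'unknown'."""
    # Ignore MIME parameters such as "; name=..." and normalise case.
    mime = declared_mime.split(";", 1)[0].strip().lower()
    ext = effective_extension(filename)
    expected = EXPECTED_EXTENSIONS.get(mime)
    if expected is None:
        return "unknown"              # type not covered by the table
    if ext in expected:
        return "ok"                   # preview and open handler agree
    if ext in EXECUTABLE_EXTENSIONS:
        return "executable-mismatch"  # shown as media, opened as a program
    return "mismatch"


if __name__ == "__main__":
    # Constructed sample attachments: (declared MIME type, filename).
    samples = [
        ("image/jpeg", "holiday.jpg"),
        ("image/jpeg", "holiday.jpg.exe"),
        ("image/jpeg", "invoice.exe. "),
        ("application/pdf", "report.docx"),
    ]
    for mime, name in samples:
        print(f"{mime:16} {name!r:20} -> {check_attachment(mime, name)}")
```
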

Meta, in its security advisory, explains:

CVE-2025-30401

Description: A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.

Affected Version Information:

  • WhatsApp Desktop for Windows (Facebook)
    • Default Status: unaffected
    • affected from 0.0.0 before 2.2450.6

Thus, users are advised to download and install version 2.2450.6 or newer of WhatsApp for Windows. You can get it from the WhatsApp official website or the Microsoft Store.