CVE-2025-30401

Published: Apr 5, 2025

Modified: Apr 9, 2025

PUBLISHED

Description

A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.

Vendor	Product	Versions
Facebook	WhatsApp Desktop for Windows	affected `0.0.0 - < 2.2450.6`

References

https://www.facebook.com/security/advisories/cve-2025-30401

x_refsource_CONFIRM

https://www.whatsapp.com/security/advisories/2025/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-30401

Description

Affected Products

References