Summary: Meta has issued a warning for Windows users to update the WhatsApp messaging app due to a critical vulnerability (CVE-2025-30401) that could allow attackers to execute malicious code. The flaw, related to file handling based on filename extension, was found in all WhatsApp versions prior to 2.2450.6 and has since been patched. This vulnerability follows a trend of similar issues affecting WhatsApp, which has been targeted in past spyware attacks.
Affected: WhatsApp messaging app
Keypoints :
- Vulnerability CVE-2025-30401 allows attackers to exploit spoofing issues via malicious file attachments.
- The flaw affects all WhatsApp versions prior to the latest update (2.2450.6).
- External researchers reported this vulnerability through Meta’s Bug Bounty program.
- WhatsApp addressed a similar zero-click vulnerability related to spyware attacks in early 2024.
- Recent court rulings highlight the misuse of WhatsApp vulnerabilities by spyware makers like NSO Group.