WhatsApp for Windows Spoofing Vulnerability Poses Code Execution Risk

Summary: A security advisory from Facebook reveals a spoofing vulnerability in WhatsApp for Windows (CVE-2025-30401) that could allow attackers to execute arbitrary code by manipulating file attachments. The issue arises from a discrepancy between how the application displays attachments (according to their MIME type) and how it opens them (according to their filename extension). Users of vulnerable versions are urged to update the application to version 2.2450.6 or later to mitigate this risk.

Affected: WhatsApp for Windows (versions 0.0.0 to 2.2450.5)

Key points:

  • Vulnerability tracked as CVE-2025-30401 allows for file spoofing based on MIME types and filename extensions.
  • Affected versions of WhatsApp for Windows are from 0.0.0 up to but not including 2.2450.6.
  • Mitigation involves updating to version 2.2450.6 or later to secure attachment handling.
  • This vulnerability exploits user trust in application file handling, making it particularly dangerous.
  • Users are strongly encouraged to update immediately to protect against potential attacks.
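
The mismatch described above, between the MIME type shown to the user and the filename extension used to open the file, can be checked on the receiving side. This is an added example, not code from the advisory or from WhatsApp; the extension tables, verdict names and sample attachments are constructed for illustration.

```python
import os

# Constructed tables for this example; extend them for your environment.
EXT_TO_MIME = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".pdf": "application/pdf", ".txt": "text/plain", ".mp4": "video/mp4",
}
# Extensions Windows runs rather than views (non-exhaustive).
LAUNCHABLE = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi",
              ".js", ".vbs", ".ps1", ".hta", ".lnk"}
VIEWABLE_PREFIXES = ("image/", "video/", "audio/", "text/")


def effective_extension(filename):
    """Extension Windows will act on: the last one, case-insensitive,
    after trailing dots and spaces (which Windows drops) are removed."""
    name = filename.strip().rstrip(". ").lower()
    return os.path.splitext(name)[1]


def check_attachment(declared_mime, filename):
    """Compare the MIME type shown to the user with the extension used to open the file."""
    declared = declared_mime.split(";")[0].strip().lower()
    ext = effective_extension(filename)
    if ext in LAUNCHABLE:
        looks_harmless = (declared.startswith(VIEWABLE_PREFIXES)
                          or declared == "application/pdf")
        return "spoofed-launchable" if looks_harmless else "launchable"
    expected = EXT_TO_MIME.get(ext)
    if expected is None:
        return "unknown-extension"
    return "ok" if expected == declared else "mismatch"


def flag_attachments(attachments):
    """Return (filename, verdict) for every attachment that is not 'ok'."""
    results = [(name, check_attachment(mime, name)) for mime, name in attachments]
    return [(name, verdict) for name, verdict in results if verdict != "ok"]


# Constructed sample metadata: (declared MIME type, filename).
SAMPLES = [
    ("image/jpeg", "holiday.jpg"),
    ("image/jpeg", "holiday.jpg.exe"),
    ("application/pdf", "invoice.PDF.scr. "),
    ("application/pdf", "photo.png"),
    ("application/octet-stream", "setup.exe"),
]

if __name__ == "__main__":
    for name, verdict in flag_attachments(SAMPLES):
        print(f"{verdict:20} {name!r}")
```

A `spoofed-launchable` verdict is the case this advisory describes: the attachment is presented as a viewable type while its extension would cause Windows to run it.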

Source: https://securityonline.info/whatsapp-for-windows-spoofing-vulnerability-execute-code-risk-cve-2025-30401/