Meta warned Home windows customers to replace the WhatsApp messaging app to the most recent model to patch a vulnerability that may let attackers execute malicious code on their units.
Described as a spoofing problem and tracked as CVE-2025-30401, this security flaw will be exploited by attackers by sending maliciously crafted recordsdata with altered file sorts to potential targets.
Meta says the vulnerability impacted all WhatsApp variations and has been mounted with the discharge of WhatsApp 2.2450.6.
“A spoofing problem in WhatsApp for Home windows previous to model 2.2450.6 displayed attachments based on their MIME kind however chosen the file opening handler primarily based on the attachment’s filename extension,” WhatsApp defined in a Tuesday advisory.
“A maliciously crafted mismatch might have brought about the recipient to inadvertently execute arbitrary code moderately than view the attachment when manually opening the attachment inside WhatsApp.”
Meta says an exterior researcher discovered and reported the flaw through a Meta Bug Bounty submission. The corporate has but to share if CVE-2025-30401 was exploited within the wild.
In July 2024, WhatsApp addressed a barely related problem that allowed Python and PHP attachments to be executed with out warning when recipients opened them on Home windows units with Python put in.
Usually focused in adware assaults
Extra not too long ago, following studies from security researchers on the College of Toronto’s Citizen Lab, WhatsApp additionally patched a zero-click, zero-day security vulnerability that was exploited to put in Paragon’s Graphite adware.
The corporate stated the assault vector was addressed late final yr “with out the necessity for a client-side repair” and determined towards assigning a CVE-ID after “reviewing the CVE pointers revealed by MITRE, and [its] personal inside insurance policies.”
On January 31, after mitigating the security problem server-side, WhatsApp alerted roughly 90 Android customers from over two dozen international locations, together with Italian journalists and activists who have been focused in Paragon adware assaults utilizing the zero-click exploit.
Final December, a U.S. federal choose additionally dominated that Israeli adware maker NSO Group used WhatsApp zero-days to deploy Pegasus adware on at the very least 1,400 units, thus violating U.S. hacking legal guidelines.
Courtroom paperwork revealed that NSO allegedly deployed Pegasus adware in zero-click assaults that exploited WhatsApp vulnerabilities utilizing a number of zero-day exploits. The paperwork additionally stated that the adware maker’s builders reverse-engineered WhatsApp’s code to create instruments that despatched malicious messages that put in adware, violating federal and state legal guidelines.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and methods to defend towards them.
