Meta warned Home windows customers to replace the WhatsApp messaging app to the most recent model to patch a vulnerability that may let attackers execute malicious code on their gadgets.
Described as a spoofing situation and tracked as CVE-2025-30401, this safety flaw may be exploited by attackers by sending maliciously crafted recordsdata with altered file sorts to potential targets.
Meta says the vulnerability impacted all WhatsApp variations and has been mounted with the discharge of WhatsApp 2.2450.6.
“A spoofing situation in WhatsApp for Home windows previous to model 2.2450.6 displayed attachments based on their MIME sort however chosen the file opening handler primarily based on the attachment’s filename extension,” WhatsApp defined in a Tuesday advisory.
“A maliciously crafted mismatch might have brought about the recipient to inadvertently execute arbitrary code slightly than view the attachment when manually opening the attachment inside WhatsApp.”
Meta says an exterior researcher discovered and reported the flaw by way of a Meta Bug Bounty submission. The corporate has but to share if CVE-2025-30401 was exploited within the wild.
In July 2024, WhatsApp addressed a barely related situation that allowed Python and PHP attachments to be executed with out warning when recipients opened them on Home windows gadgets with Python put in.
Usually focused in spyware and adware assaults
Extra just lately, following studies from safety researchers on the College of Toronto’s Citizen Lab, WhatsApp additionally patched a zero-click, zero-day safety vulnerability that was exploited to put in Paragon’s Graphite spyware and adware.
The corporate stated the assault vector was addressed late final yr “with out the necessity for a client-side repair” and determined in opposition to assigning a CVE-ID after “reviewing the CVE pointers revealed by MITRE, and [its] personal inside insurance policies.”
On January 31, after mitigating the safety situation server-side, WhatsApp alerted roughly 90 Android customers from over two dozen nations, together with Italian journalists and activists who have been focused in Paragon spyware and adware assaults utilizing the zero-click exploit.
Final December, a U.S. federal choose additionally dominated that Israeli spyware and adware maker NSO Group used WhatsApp zero-days to deploy Pegasus spyware and adware on no less than 1,400 gadgets, thus violating U.S. hacking legal guidelines.
Court docket paperwork revealed that NSO allegedly deployed Pegasus spyware and adware in zero-click assaults that exploited WhatsApp vulnerabilities utilizing a number of zero-day exploits. The paperwork additionally stated that the spyware and adware maker’s builders reverse-engineered WhatsApp’s code to create instruments that despatched malicious messages that put in spyware and adware, violating federal and state legal guidelines.
Based mostly on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and tips on how to defend in opposition to them.
