CVE-2025-30401

Vulnerability

A spoofing issue exists in WhatsApp for Windows prior to version 2.2450.6. When an attachment is received, WhatsApp displays it according to its MIME type, but when the user manually opens the attachment, the file opening handler is selected based on the attachment's filename extension. An attacker can craft an attachment where the MIME type suggests a benign file (e.g., image) but the extension is executable (e.g., .exe), leading to a mismatch. [1]

Exploitation

An attacker sends a maliciously crafted attachment to a WhatsApp for Windows user. The recipient sees the attachment displayed as a safe type (e.g., an image) based on MIME type. When the recipient manually opens the attachment (e.g., by clicking on it), the operating system uses the file extension to determine the handler, potentially executing arbitrary code. No user interaction beyond opening the attachment is required. No authentication or special network position is needed beyond being able to send a message to the victim. [1]

Impact

Successful exploitation could allow an attacker to execute arbitrary code on the victim's Windows system with the privileges of the WhatsApp user. This could lead to full compromise of the affected system, including data theft, malware installation, or further lateral movement. The vulnerability is a spoofing issue that bypasses the visual indication of file type. [1]

Mitigation

The vulnerability is fixed in WhatsApp for Windows version 2.2450.6. Users should update to this version or later. No workarounds are available. There is no evidence of exploitation in the wild as of the advisory date. [1]