Meta Patches WhatsApp for Windows Vulnerability That Enables Code Execution via File Spoofing

Apr 9, 2025 | News





Spoofing Bug in Desktop App Exploited File Extension Trick to Bypass User Trust

Meta has released a security update for WhatsApp for Windows, urging users to upgrade immediately to version 2.2450.6 to fix a vulnerability tracked as CVE-2025-30401. This critical spoofing flaw could allow attackers to trick users into running malicious code simply by opening what appears to be a benign file.


How the Attack Works

According to Meta’s advisory, the vulnerability is rooted in how WhatsApp handles file attachments:

“A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the filename extension.”

In simpler terms, an attacker could send a file whose MIME type makes it look like an image or document in the chat, while its filename extension is that of an executable. Because WhatsApp chose the opening handler from the extension, a recipient who opens the file manually from within WhatsApp may inadvertently launch malware.
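The mismatch the advisory describes can be checked on the receiving side, for example in a mail or chat gateway. The following Python sketch is an added example, not code from Meta or WhatsApp; the MIME and extension tables, the sample attachments and the function names are assumptions constructed for illustration.

```python
import os

# Constructed, non-exhaustive tables for this example (assumptions, not WhatsApp's lists).
MIME_EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "text/plain": {".txt"},
}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1",
                         ".vbs", ".js", ".msi", ".lnk", ".py", ".php"}

# Constructed sample attachments: (declared MIME type, filename).
SAMPLES = [
    ("image/jpeg", "holiday.JPG"),
    ("image/jpeg", "holiday.jpg.exe"),
    ("application/pdf", "invoice.pdf. "),
    ("application/pdf", "report.exe. "),
    ("image/png", "chart.pdf"),
]


def effective_extension(filename):
    """Return the extension Windows would use to choose the opening handler."""
    # Windows drops trailing dots and spaces from file names: "a.exe. " opens as "a.exe".
    name = filename.rstrip(". ")
    return os.path.splitext(name)[1].lower()


def classify_attachment(declared_mime, filename):
    """Compare what the UI shows (MIME type) with what the OS would open (extension)."""
    ext = effective_extension(filename)
    mime = declared_mime.split(";")[0].strip().lower()  # ignore MIME parameters
    allowed = MIME_EXTENSIONS.get(mime)
    if ext in EXECUTABLE_EXTENSIONS and (allowed is None or ext not in allowed):
        return "block"   # displayed as one type, opened by an executable handler
    if allowed is None or ext not in allowed:
        return "review"  # unknown MIME type or plain mismatch: display is not trustworthy
    return "allow"


if __name__ == "__main__":
    for mime, name in SAMPLES:
        print(f"{classify_attachment(mime, name):7} {mime:16} {name!r}")
```

The decision is made on the last extension after trailing dots and spaces are stripped, since that is the part that selects the handler, not the part a user tends to read.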


No Evidence of Active Exploitation

Meta credits an external security researcher for discovering and responsibly disclosing the flaw through its Bug Bounty program. As of now, the company has not confirmed any in-the-wild exploitation of CVE-2025-30401.

However, given WhatsApp’s widespread use—especially on desktop in business environments—the window for abuse could have been significant had it remained unpatched.


Not the First Time WhatsApp Has Faced File Execution Risks

This is not the first time WhatsApp’s desktop version has allowed for unintended code execution. In July 2024, a similar issue enabled automatic execution of Python and PHP files when opened on machines where Python was installed, without alerting the user.


Part of a Larger Pattern of Targeted Attacks

WhatsApp continues to be a prime target for spyware campaigns:

  • In late 2024, a zero-click exploit was used to install Paragon’s Graphite spyware, affecting nearly 90 users across two dozen countries.

  • In a U.S. federal court ruling last year, Israeli spyware maker NSO Group was found to have exploited multiple WhatsApp zero-days to install Pegasus spyware on over 1,400 devices, violating U.S. hacking laws.

These incidents underscore WhatsApp’s attractiveness to threat actors deploying highly targeted surveillance tools.




User Recommendations

Meta is strongly urging users to:

  • Update WhatsApp for Windows to version 2.2450.6 or later

  • Avoid opening unexpected file attachments, even from known contacts

  • Verify file extensions manually, especially if the file type seems mismatched

  • Use reputable endpoint protection, especially on devices used for communication and collaboration


Source: hackread.com
