An update released recently for the WhatsApp desktop app for Windows patches a spoofing vulnerability that could make it easier for threat actors to trick users and achieve remote code execution.
According to a brief advisory published by Meta, the vulnerability is tracked as CVE-2025-30401 and it has been patched with the release of WhatsApp for Windows version 2.2450.6. All prior versions are impacted.
An attacker could exploit the vulnerability by sending the targeted user a specially crafted file whose MIME type is altered to make it appear as a harmless file.
The user would believe that they are opening an image or document file when in reality they would be running an executable or other type of file that triggers the execution of malicious code.
“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” Meta explained.
Attacks involving MIME type manipulation have been known for years, but Meta has not mentioned anything about CVE-2025-30401 being exploited in the wild.
However, WhatsApp is a valuable target for threat actors and vulnerabilities affecting the messaging application are known to be exploited in attacks.
For instance, a WhatsApp zero-day was exploited last year in attacks involving spyware developed by Israeli company Paragon Solutions.
Related: FreeType Zero-Day Being Exploited in the Wild
Related: Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups
Related: $300,000 Offered for WhatsApp Exploit at Pwn2Own Ireland
