Getting your Trinity Audio player ready...
A critical vulnerability discovered in the Windows version of WhatsApp Desktop could allow seemingly harmless files, such as images, to execute malicious code without users realizing it. All an attacker needs to do is convince the user to open what appears to be a legitimate file.
The flaw, identified as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows released before version 2.2450.6. Users can check their version by clicking the settings gear icon at the bottom right of the app, selecting “Help,” and viewing the version number in the pop-up window.
How it works
The vulnerability stems from how WhatsApp handles attached files. When receiving a file, WhatsApp generates a preview based on its MIME type — a classification meant to identify file types such as images or documents. However, when opening the file, WhatsApp defers to the file extension (e.g., .jpg, .pdf, .exe), which Windows uses to determine how to handle it.
This mismatch opens the door for attackers to disguise executable files as images or documents by assigning them a misleading MIME type. Once the file is opened, Windows may attempt to run it as a program, triggering malicious code.
“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” Meta, WhatsApp’s parent company, explained in its official security advisory.
Although WhatsApp is a frequent target for hackers, this specific exploit requires users to manually open the infected file. Still, the risk shouldn’t be underestimated. Many users routinely click on attachments without thinking, especially if they come from trusted sources like work groups, family chats or military contacts.
Get the Ynetnews app on your smartphone: Google Play: https://bit.ly/4eJ37pE | Apple App Store: https://bit.ly/3ZL7iNv
What to do
The most important step is to ensure WhatsApp Desktop is updated to version 2.2450.6 or later. If the app was installed from the Microsoft Store and automatic updates are enabled, users should already be protected, but it’s worth verifying.
Those using computers managed by schools, workplaces or other organizations should contact their IT support to update the software, particularly if they don’t have administrative access.
Meta said there's currently no evidence the vulnerability has been exploited in the wild but urged users to install the update as a precaution.
Previous WhatsApp vulnerabilities
This isn’t the first time WhatsApp has faced a serious security issue. In July 2024, the company patched a similar vulnerability that allowed execution of PHP and Python files without warning — provided the target had Python installed.
3 View gallery
Meta CEO Mark Zuckerberg, former prime minister and Paragon founder Ehud Barak
(Photo: SHAWN THEW/Pool via REUTERS, Kobi Kuenkas)
Other past attacks have used “zero-click” exploits, which require no user interaction. One notable case emerged earlier this year, when Meta accused Israeli spyware firm Paragon of using WhatsApp to install its “Graphite” spyware on the smartphones of around 90 individuals in 20 countries.
Meta issued the company a pre-lawsuit notice demanding it stop targeting WhatsApp users. Paragon was weighing its legal response and said it was not deterred by the threat of a court battle.
In another high-profile case, a U.S. federal judge ruled in December that Israeli firm NSO used WhatsApp vulnerabilities to deploy its notorious Pegasus spyware on about 1,400 devices. Court documents revealed that NSO reverse-engineered WhatsApp and used malicious messages to infect targets — violating U.S. cybersecurity laws.