A newly disclosed vulnerability in the WhatsApp desktop app for Windows could have exposed millions of users to remote code execution (RCE) attacks. Meta has now released a critical update—version 2.2450.6—that fixes this spoofing flaw, officially tracked as CVE-2025-30401.
Dangerous WhatsApp Spoofing Bug Patched
The vulnerability, affecting all prior versions of WhatsApp for Windows, allowed cybercriminals to manipulate file types and trick users into executing harmful code. The flaw stemmed from how the app handled MIME types—a system used to label file formats.
How the Exploit Worked
Attackers could exploit the flaw by sending users malicious files with tampered MIME types. For example, a file disguised as a harmless image or document would actually be an executable. When the recipient opened it inside WhatsApp, the hidden malicious payload would run instead of the attachment being displayed.
Meta explained that, “A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.”
This makes it easy for attackers to bypass user suspicion and achieve code execution without relying on complex techniques.
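A receiving client or messaging gateway can defend against this class of mismatch by refusing to pass an attachment to the operating system unless its declared MIME type, filename extension and leading bytes all agree. The following Python check is an added example, not code from WhatsApp or Meta; the function name, the type table and the sample attachments are constructed for illustration.

```python
import os

# Extensions Windows runs or interprets when a file is opened (illustrative subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js", ".vbs", ".ps1", ".lnk"}

# Declared MIME type -> (accepted extensions, accepted leading bytes). Illustrative subset.
EXPECTED = {
    "image/jpeg": ({".jpg", ".jpeg"}, (b"\xff\xd8\xff",)),
    "image/png": ({".png"}, (b"\x89PNG\r\n\x1a\n",)),
    "application/pdf": ({".pdf"}, (b"%PDF-",)),
}


def check_attachment(filename, declared_mime, data):
    """Return reasons not to pass the attachment to the OS file handler."""
    findings = []
    ext = os.path.splitext(filename.strip().lower())[1]
    mime = declared_mime.split(";")[0].strip().lower()
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
    if mime not in EXPECTED:
        findings.append("unlisted-type")
        return findings
    exts, magics = EXPECTED[mime]
    if ext not in exts:
        # A client that previews by MIME type but opens by extension is exposed when they differ.
        findings.append("extension-mismatch")
    if not data.startswith(magics):
        findings.append("content-mismatch")
    return findings


# Constructed sample attachments: (filename, declared MIME type, first bytes).
SAMPLES = [
    ("holiday.jpg", "image/jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("holiday.jpg.exe", "image/jpeg", b"MZ\x90\x00\x03\x00"),
    ("invoice.pdf", "application/pdf", b"MZ\x90\x00\x03\x00"),
    ("notes.ps1", "text/plain", b"Write-Output 1"),
]

if __name__ == "__main__":
    for name, mime, head in SAMPLES:
        result = check_attachment(name, mime, head)
        print(f"{name:18} {mime:16} {'BLOCK ' + ','.join(result) if result else 'ok'}")
```

An empty result means the three signals agree; any finding is a reason to show the attachment as untrusted rather than open it.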
Why This Matters
Although Meta hasn’t confirmed whether CVE-2025-30401 has been exploited in the wild, similar past vulnerabilities have been actively used in real-world cyberattacks. WhatsApp remains a high-value target for hackers due to its widespread usage and the sensitive nature of user communications.
In fact, last year a zero-day vulnerability in WhatsApp was leveraged to deliver spyware created by Israeli surveillance firm Paragon Solutions. That incident highlighted how quickly threat actors exploit weaknesses in popular messaging apps.
What Users Should Do
All Windows users of WhatsApp are strongly urged to update their apps to version 2.2450.6 immediately to protect against potential attacks exploiting this spoofing vulnerability.
While there’s no current evidence of active exploitation, the risk remains high for unpatched systems—especially since techniques involving MIME type spoofing have been weaponized in phishing and malware attacks for years.