WhatsApp flaw exploited to run malicious code on Windows

May 21, 2025

Threat actors target Windows users using a WhatsApp flaw that allows them to run malicious code on compromised devices.

Reports revealed that the security vulnerability is a spoofing issue tracked as CVE-2025-30401. Hackers can exploit the bug by transmitting maliciously designed files with altered file types to prospective targets.

Researchers claim that the issue affected all WhatsApp versions and was patched with the release of WhatsApp 2.2450.6. They explained that WhatsApp for Windows before version 2.2450.6 had a spoofing issue.

It displayed attachments based on their MIME type, but the file opening handler was chosen depending on the attachment’s filename extension.

If an unwary target manually opened the attachment inside WhatsApp, a maliciously constructed mismatch could have caused them to inadvertently execute arbitrary code instead of viewing the attachment.
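The mismatch described above can be checked for wherever attachments are handled before a user opens them. The following Python is an added example, not WhatsApp's code or its fix; the MIME table, the extension list and the function names are assumptions chosen for illustration.

```python
import os

# Assumed table: MIME type shown to the user -> extensions consistent with it.
MIME_EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "video/mp4": {".mp4"},
}
# Assumed, non-exhaustive list of extensions whose Windows handler runs code.
# .py/.pyw/.php cover the Python and PHP attachments the article mentions.
CODE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".lnk",
                   ".js", ".vbs", ".hta", ".ps1", ".py", ".pyw", ".php"}

def effective_extension(filename):
    """Return the extension Windows would use to choose the file handler."""
    # Keep only the last path component, then drop trailing dots and spaces,
    # which Windows ignores when it resolves the name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return os.path.splitext(name)[1].lower()

def check_attachment(mime_type, filename):
    """Classify one attachment: block, unknown-type, consistent or mismatch."""
    ext = effective_extension(filename)
    if ext in CODE_EXTENSIONS:
        return "block"          # opening it runs code whatever the preview shows
    expected = MIME_EXTENSIONS.get(mime_type.split(";")[0].strip().lower())
    if expected is None:
        return "unknown-type"   # no rule for this MIME type; review manually
    return "consistent" if ext in expected else "mismatch"

# Constructed sample attachments (declared MIME type, filename).
SAMPLES = [
    ("image/jpeg", "holiday.jpg"),
    ("image/jpeg", "holiday.jpg.exe"),
    ("IMAGE/JPEG; charset=binary", "photo.JPG. "),
    ("image/png", "scan.pdf"),
    ("application/pdf", "invoice.py."),
    ("text/plain", "notes.txt"),
]

if __name__ == "__main__":
    for mime, name in SAMPLES:
        print(f"{check_attachment(mime, name):13} {mime!r} {name!r}")
```

The key design choice is that the verdict is driven by the extension the operating system will act on, not by the type the sender declared.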

As of now, researchers have yet to reveal whether CVE-2025-30401 has an ongoing exploit in the wild.

Separately, WhatsApp fixed a slightly similar vulnerability in July last year, which allowed Python and PHP attachments to be executed without warning when opened by recipients on Windows devices with Python installed.

A WhatsApp flaw is commonly exploited for spyware campaigns.

According to reports, a recently fixed WhatsApp flaw, a zero-day security bug, was used to install Paragon’s Graphite spyware.

The affected company stated that the attack vector was resolved late last year without needing a client-side update, and it decided not to provide a CVE-ID after studying MITRE’s CVE rules and internal policies.

Earlier this year, after resolving the server-side security issue, WhatsApp notified approximately 90 Android users from more than 24 countries, including Italian journalists and activists targeted in Paragon spyware attacks utilising the zero-click exploit.

Furthermore, last December, a US federal judge ruled that Israeli spyware maker NSO Group violated US hacking laws by using WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices.

Malicious campaigns involving spying and eavesdropping commonly exploit WhatsApp vulnerabilities. Therefore, WhatsApp users should always install the latest security updates whenever they are available, since these fix the issues that would otherwise allow unwanted compromise.
