Facebook parent Meta has warned of a significant vulnerability in the Microsoft Windows version of its popular WhatsApp messaging platform that could leave users at risk or falling victim to a variety of cyber attacks, up to and including ransomware incidents.
In an online advisory, Meta said that the spoofing issue – which exists in versions prior to 2.2450.6 and is being tracked as CVE-2025-30401 – causes WhatsApp to display attachments sent via the messaging platform according to their Multipurpose Internet Mail Extension (MIME) type but to select the file opening handler based on the true filename extension of said attachment.
In this instance, should a malicious actor deliberately alter the MIME type, they could cause the recipient to inadvertently execute arbitrary code rather than view the attachment when they manually open it inside WhatsApp.
In practice, this means that a victim might see an attachment appearing to be an innocent .jpeg file and be convinced to open it, only to have it turn out to be a .exe file – that is to say, malware.
Meta highly favoured by cyber criminals
The disclosure of CVE-2025-30401 comes hot on the heels of new data, released by online bank Revolut, revealing that during 2024, WhatsApp was the main vector for one in five scams in the UK, and their volume grew by 67% between June and December.
More widely, Meta platforms, including Facebook and Instagram, are highly favoured by cyber criminals thanks to their large consumer user bases who often lack a clear understanding of basic personal security measures.
“Most people will be part of a WhatsApp group where it is common for images to be shared and this is where this vulnerability becomes dangerous,” said Adam Pilton, senior cyber security consultant at CyberSmart.
“If a cyber criminal was able to share this image either in your group or with someone you trust who then goes on to share it in your group, anybody in that group could unknowingly execute the malicious code associated with the shared image.”
Martin Kraemer, a security awareness advocate at KnowBe4, said that the near-universal use of WhatsApp made such vulnerabilities potentially extremely impactful, not just to consumers but to organisations as well.
“WhatsApp has become such an integral part of life from organising hairdresser appointments to sharing CVs with recruiters. As the preferred platform of communication, the Windows client has become an essential little helper for many running in the background while we go about our professional and private duties,” he said.
Because WhatsApp is so entrenched with our communication and working habits, we have developed automatisms, a high level of trust, and a dependency that attackers love to exploit as is happening with this vulnerability in the windows client. The vulnerability must not be taken lightly and users should update their software to the newest version now.”
Kraemer warned that in the interim, WhatsApp users should always exercise extreme caution when opening attachments or files sent to them via the service. Ideally, he said, best practice is to treat it as one would treat one’s email account, and never open unexpected files, particularly not one from new contacts.
“It is good to see however that the solution is at hand and simple to achieve and that is to apply an update to WhatsApp,” added Pilton.
“Cyber criminals will continue to exploit vulnerabilities within the software we use and the software providers will continue to provide updates or patches that protect us against the attacks that cyber criminals use. This is why vulnerability management, also known as applying the updates that software providers issue, is so important.”
