Spoofing Vulnerability in WhatsApp for Windows by Facebook
CVE-2025-30401

6.7MEDIUM

Key Information:

Vendor
Facebook
Status
WhatSAPp Desktop For Windows
Vendor
CVE Published:
5 April 2025

Badges

📈 Score: 1,030💰 Ransomware👾 Exploit Exists📰 News Worthy

What is CVE-2025-30401?

CVE-2025-30401 is a spoofing vulnerability found in WhatsApp for Windows, specifically affecting versions prior to 2.2450.6. WhatsApp, developed by Facebook, is a widely used messaging application that facilitates communication through text, voice, and video. This vulnerability poses a risk to users as it allows malicious actors to exploit the way attachments are handled, potentially resulting in the execution of arbitrary code on a recipient's system instead of merely opening the intended file. Such exploitation could lead to serious ramifications for organizations relying on WhatsApp for communication, as it may inadvertently enable unauthorized access to sensitive systems or data.

Technical Details

The vulnerability arises from the way WhatsApp processes file attachments. It relies on MIME types to display attachments correctly; however, it selects the file opening handler based on the file's extension. If an attacker crafts a malicious attachment that tricks the application about its actual type versus its file extension, the recipient may execute harmful code when attempting to open the attachment. This allows the attacker to circumvent the security designed to prevent the execution of unsolicited code and potentially compromise the recipient’s machine.

Potential Impact of CVE-2025-30401

  1. Arbitrary Code Execution: The most significant risk posed by this vulnerability is the potential for attackers to execute arbitrary code on the user's system, leading to unauthorized actions that can compromise sensitive data or system integrity.

  2. Data Breaches: Exploitation of this vulnerability could create pathways for cybercriminals to access confidential information within organizations. Such breaches may lead to loss of proprietary information, customer data, or other sensitive materials.

  3. Increased Malware Propagation: By executing malicious code, this vulnerability could facilitate the spread of additional malware through the compromised systems, leading to broader network infections and increasing the overall security risk for affected organizations.

Affected Version(s)

WhatsApp Desktop for Windows 0.0.0 < 2.2450.6

News Articles

favicon imageJD Supra

WhatsApp Patches Vulnerability That Facilitates Remote Code Execution

WhatsApp users should update the application for vulnerability CVE-2025-30401, which Meta recently patched when WhatsApp was released for Windows...

2 weeks ago

favicon imageMalwarebytes

WhatsApp for Windows vulnerable to attacks. Update now!

If you use WhatsApp for Windows, you'll want to make sure you're on the latest version.

3 weeks ago

favicon imageHelp Net Security

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) - Help Net Security

A WhatsApp for Windows security vulnerability (CVE-2025-30401) may allow attackers to trick users into running malicious code.

3 weeks ago

References

https://www.facebook.com/security/advisories/cve-2025-30401
x_refsource_CONFIRM
https://www.whatsapp.com/security/advisories/2025/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

.