Facebook parent meta has warned of a significant vulnerability in the microsoft windows version of its popular WhatsApp Messaging platform that would leave users at risk or falling Victim to a variety of cyber attacks, up to and including ransomware incidences.
In an online advisoryMeta said that the spoofing issue – which exists in versions Prior to 2.2450.6 and is being tracked as Cve-2025-30401 – causes whatsapp to display attachments Multipurpaose Internet Mail Extension (Mime) Type but select the file opening handle based on the True FileName Extension of Said Attachment.
In this instance, should a Malicious actor deliberately alter the time type, they could cause the recipient to inadverted to the Execute Arbitrary Code Rather Than View the Atach Meen The Atach will be Inside Whatsapp.
In practice, this means that a victim might see an attachment appearing to be an innocent .jpeg file and be convinced to open it, only to have it turns out to be a .exe file – that is to say, Malware.
Meta Highly Favoured by Cyber Criminals
The disclosure of cve-2025-30401 comes hot on the heels of new data, Released by online bank revolutRevealing that during 2024, whatsapp was the main vector for One in five scams in the ukAnd their Volume Grew by 67% Between June and December.
More widely, meta platforms, including Facebook and Instagram, are highly favored by cyber criminals thanks to their large consumer user user bases who often lak a clea Measures.
“Most people will be part of a Whatsapp group where it is common for images to be shared and this is where this vulnerability becomes breeder Cybersmart,
If a cyber criminal was altar to share this image eater in your group or with someone you Trust who then goes on to share it in your group, anybody in that groups unknoving Associated with the shared image. “
Martin Kramer, a Security Awareness Advocate at Knowbe4Said That the Near-Universal Use of Whatsapp Made Such Vulnerabilites Potentially Extremely Impactful, Not Just to Consures but to Organisations as well.
Whatsapp have become such an integral part of life from organizing hairsser appointments to sharing cvs with recruiters. Essential Little Helper for Many Running in the Background While We Go About Our Professional and Private Duties, “He said.
Because Whatsapp is so entrenched with our communication and working habits, we have developed automatisms, a high level of trust, and a dependency that Attackers love Vulnerability in the windows client. The vulnerability must be taken lightly and users should update their software to the newest version now. “
Kramer warned that in the interim, whatsapp users should always exercise extreme caution when opening attachments or files sent to them via the service. Ideally, He Said, Best Practice is to Treat it as one would treat one's email account, and never open unexpeted files, particularly not one from new contacts.
“It is good to see howyver that the solution is at hand and simple to achieve and that is to apply an update to whatsapp,” Added pilton.
“Cyber criminals will continue to exploit vulnerability with the software we use and the software providers will continue to provide updates or patches that that provides Cyber criminals use.