CVE-2025-30401: 
WhatsApp vulnerability analysis and mitigation

A spoofing vulnerability (CVE-2025-30401) was discovered in WhatsApp for Windows versions prior to 2.2450.6. The vulnerability was disclosed on April 5, 2025, and affects the way WhatsApp handles file attachments. The issue was reported through Meta's bug bounty program and has been patched in version 2.2450.6 (NVD, SecurityWeek).

The vulnerability stems from a mismatch between how WhatsApp displays attachments and how it handles their execution. The application displays attachments according to their MIME type but selects the file opening handler based on the attachment's filename extension. This discrepancy could allow attackers to craft malicious files that appear harmless but execute arbitrary code. The vulnerability has been assigned a CVSS v3.1 base score of 6.7 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L (Help Net Security).

If successfully exploited, the vulnerability could allow attackers to execute arbitrary code on the victim's system when the user manually opens a malicious attachment. The impact could include data theft, malware execution, account compromise, and identity theft. The attack requires user interaction, as the victim must manually open the malicious attachment for the payload to execute (The Register).

Users are strongly advised to update their WhatsApp for Windows installation to version 2.2450.6 or later to address this vulnerability. This is the primary mitigation strategy recommended by Meta (Help Net Security).

Security researchers have characterized this as a particularly concerning vulnerability for everyday users. The security community has emphasized the importance of user vigilance when handling attachments, even from known contacts (The Register).