Advisory

WhatsApp flaw can let attackers send a file that looks like a JPEG but is a malicious program, update now

Take action: If you are using WhatsApp on Windows, update it NOW. It's trivial to patch, and you definitely don't want to open that cool meme from a friend only to find out it was a virus.


Learn More

Meta has issued a warning to Windows users about a security vulnerability in the WhatsApp desktop application that could allow attackers to execute malicious code on targeted devices.

The flaw is tracked as CVE-2025-30401 and stems from a discrepancy in how WhatsApp for Windows handles file attachments. The application displays attachments according to their MIME type (metadata that indicates file type) but selects the file opening handler based on the attachment's filename extension.

This mismatch creates a dangerous scenario in which an attacker could send a maliciously crafted file that appears harmless (its metadata claims it is a JPEG) but contains executable code. When a user opens the attachment within WhatsApp, the file is opened by the handler for its filename extension, so arbitrary code is executed instead of an image being displayed.
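A defender-side check for the mismatch described above, as an added example (not WhatsApp's or Meta's code): it compares the declared MIME type, the filename extension and the leading bytes of an attachment, and reports where they disagree. The lookup tables, finding names and sample attachments are constructed for illustration.

```python
import os

# Assumption: small illustrative tables, not WhatsApp's own mappings.
EXT_TO_MIME = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".gif": "image/gif", ".pdf": "application/pdf",
}
# Extensions the Windows shell runs rather than displays (non-exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".vbs"}
# Leading bytes expected for each declared MIME type.
MAGIC = {
    "image/jpeg": b"\xff\xd8\xff", "image/png": b"\x89PNG\r\n\x1a\n",
    "image/gif": b"GIF8", "application/pdf": b"%PDF-",
}

def check_attachment(declared_mime, filename, head):
    """Return findings; an empty list means the display path (MIME type)
    and the open path (extension) agree with each other and the content."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    mime = declared_mime.split(";")[0].strip().lower()
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
    # Unknown extensions fail closed: they are reported as a mismatch.
    if EXT_TO_MIME.get(ext) != mime:
        findings.append("mime-extension-mismatch")
    magic = MAGIC.get(mime)
    if magic is not None and not head.startswith(magic):
        findings.append("content-mismatch")
    return findings

# Constructed samples: (declared MIME type, filename, first bytes of the file).
SAMPLES = [
    ("image/jpeg", "holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("image/jpeg", "holiday.exe", b"MZ\x90\x00"),
    ("image/png", "chart.jpg", b"\x89PNG\r\n\x1a\n"),
]

if __name__ == "__main__":
    for mime, name, head in SAMPLES:
        print(name, mime, check_attachment(mime, name, head) or "ok")
```

A mail or chat gateway, or a triage script run over saved attachments, can apply the same comparison before a file reaches a user.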

The vulnerability impacts all WhatsApp for Windows versions prior to 2.2450.6. Meta has patched the issue with the release of WhatsApp version 2.2450.6 and is urging all users to update immediately.
