Overview
- Meta has released WhatsApp Desktop version 2.2450.6 for Windows to fix a spoofing vulnerability (CVE-2025-30401) that could allow attackers to execute arbitrary code.
- The flaw arises from a mismatch between an attachment's MIME type and its file extension, potentially leading to malicious code execution when users open rigged attachments.
- Exploitation of the vulnerability requires user interaction, as attackers must persuade users to manually open the malicious attachment.
- An external researcher discovered and reported the issue through Meta’s Bug Bounty program, and there is no evidence so far of the flaw being exploited in the wild.
- Security experts warn that such vulnerabilities could lead to data theft, malware infections, and identity theft, underscoring the importance of timely updates and user caution.
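The mismatch described in the third point can be checked for on the defender's side, for example in a mail or messaging gateway that sees both the declared MIME type and the filename. The sketch below is an added example, not Meta's fix or code from the advisory; the function name, verdict labels, policy tables and sample attachments are all assumptions constructed for illustration.

```python
import os

# Constructed policy tables for this example (assumed, not exhaustive).
EXPECTED_MIME = {
    ".jpg": {"image/jpeg"},
    ".jpeg": {"image/jpeg"},
    ".png": {"image/png"},
    ".pdf": {"application/pdf"},
    ".txt": {"text/plain"},
    ".exe": {"application/x-msdownload"},
}
# Extensions that Windows typically runs, rather than displays, when opened.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".msi", ".scr", ".vbs", ".ps1"}


def check_attachment(filename, declared_mime):
    """Compare the declared MIME type with what the extension implies.

    Returns (verdict, reason); verdict is "allow", "review" or "block".
    """
    # Win32 path handling drops trailing dots and spaces: "a.exe. " opens as "a.exe".
    name = filename.rstrip(" .").lower()
    ext = os.path.splitext(name)[1]  # only the last extension decides the handler
    mime = declared_mime.split(";")[0].strip().lower()  # drop MIME parameters
    matches = mime in EXPECTED_MIME.get(ext, set())

    if ext in EXECUTABLE_EXTS:
        if matches:
            return "review", f"executable attachment ({ext})"
        return "block", f"declared {mime} but {ext} would be executed on open"
    if ext not in EXPECTED_MIME:
        return "review", f"no policy entry for extension {ext!r}"
    if not matches:
        return "review", f"declared {mime} does not match {ext}"
    return "allow", "MIME type and extension agree"


# Constructed sample attachments: (filename, declared MIME type).
SAMPLES = [
    ("holiday.jpg", "image/jpeg"),
    ("holiday.jpg.exe", "image/jpeg"),
    ("invoice.pdf.bat. ", "application/pdf; name=invoice.pdf"),
    ("report.pdf", "image/png"),
    ("setup.exe", "application/x-msdownload"),
]

if __name__ == "__main__":
    for fname, mime in SAMPLES:
        print(fname, mime, *check_attachment(fname, mime), sep=" | ")
```

The "block" verdict covers the spoofing case: the attachment is presented as one type while its extension selects a handler that executes it.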