Overview

• The vulnerability, tracked as CVE-2025-30401, affects WhatsApp for Windows versions prior to 2.2450.6 and has been patched in the latest update.
• The flaw allowed attackers to exploit a mismatch between file MIME types and extensions, potentially tricking users into running malicious code.
• Discovered by an external researcher through Meta's bug bounty program, the issue underscores the importance of collaborative cybersecurity efforts.
• Meta has confirmed there is no evidence of the vulnerability being exploited in the wild but advises users to update immediately to mitigate risks.
• Cybersecurity experts warn that unpatched systems could face risks such as data theft, malware spread, and identity compromise if malicious attachments are opened.