Skip to content

Dangerous vulnerability discovered in WhatsApp for Windows#

April 25, 2025

Danger JPEG

WhatsApp for Windows users should be extra vigilant. A vulnerability (CVE-2025-30401) has been discovered that could allow attackers to run malware on your computer by tricking you into opening a specially crafted file. This vulnerability does not apply to the GREEN-API service and only affects the WhatsApp for Windows app!

  1. General information
  2. How it works
  3. What you can do
  4. Conclusion

1. General information#

The vulnerability affects all versions of WhatsApp Desktop for Windows prior to version 2.2450 and is related to how the app handles file attachments. WhatsApp displays the type of an attachment based on its MIME type (metadata indicating what type of file it is), but relies on the file name extension when opening the file.

This means that a file disguised as a harmless image with the correct MIME type but with an “.exe” extension could be run as a program if the user opens it. An attacker could convince the user to open such a file, for example by disguising it as a photo from a neighbor in a WhatsApp group in their area.

A maliciously crafted inconsistency could result in the recipient inadvertently running arbitrary code instead of viewing the attachment when manually opening the attachment inside WhatsApp, Meta explained in a security alert.

2. How it works#

  1. The attacker sends you a file in WhatsApp for Windows. The file looks like a normal image (e.g. JPEG).

  2. However, the extension of this file is “.exe” (executable file).

  3. If you open this file, WhatsApp will run it as a program, ignoring the fact that it is supposed to be an image.

  4. This will install malware on your computer.

3. What you can do#

  • Update WhatsApp Desktop for Windows to version 2.2450.6 or higher as soon as possible. This will fix the vulnerability.

  • Be extremely careful when opening files received in WhatsApp, even from people you know. Always check the file extension before opening. If the extension is suspicious (e.g. “.exe”, “.vbs”, “.scr”), do not open the file.

  • Use antivirus software with up-to-date databases. This will help protect your computer from malware that can be launched through this vulnerability.

4. Conclusion#

Although this vulnerability requires user interaction to exploit (i.e. you have to manually open the malicious file), it is a serious threat. Update WhatsApp for Windows and be careful with the attachments you receive.

Once again, this vulnerability does not affect the GREEN-API service API and only affects the WhatsApp for Windows application. Take care of yourself and your data!