PT-2025-15063 · Facebook · Facebook Whatsapp Desktop +1
Published
2025-04-05
·
Updated
2025-08-30
·
CVE-2025-30401
CVSS v2.0
6.8
6.8
Medium
| Base vector | Vector | AV:N/AC:H/Au:S/C:C/I:C/A:P |
**Name of the Vulnerable Software and Affected Versions:**
WhatsApp for Windows versions prior to 2.2450.6
**Description:**
A spoofing issue exists in WhatsApp for Windows, prior to version 2.2450.6, where attachments are displayed according to their MIME type, but the file opening handler is selected based on the filename extension. A maliciously crafted mismatch could cause the recipient to inadvertently execute arbitrary code instead of viewing the attachment when manually opened within WhatsApp. No evidence of exploitation in the wild has been reported.
**Recommendations:**
Update WhatsApp to version 2.2450.6 or later.
Fix
RCE
Weakness Enumeration
Related Identifiers
BDU:2025-04971
CVE-2025-30401
Affected Products
Facebook Whatsapp Desktop
Whatsapp For Windows
References · 101
- https://bdu.fstec.ru/vul/2025-04971 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-30401 · Security Note
- https://twitter.com/windowsforum/status/1910373595492016187 · Twitter Post
- https://t.me/cvenotify/118499 · Telegram Post
- https://facebook.com/security/advisories/cve-2025-30401 · Note
- https://twitter.com/Huntio/status/1911831981135896737 · Twitter Post
- https://twitter.com/DarkWebInformer/status/1909677916780196103 · Twitter Post
- https://twitter.com/grok/status/1942331165928743019 · Twitter Post
- https://twitter.com/windowsforum/status/1909753307238629432 · Twitter Post
- https://twitter.com/CipherGuardians/status/1910085548250976540 · Twitter Post
- https://twitter.com/DynaRisk/status/1910666614053159245 · Twitter Post
- https://twitter.com/MoneyyMindedHQ/status/1937168166100078775 · Twitter Post
- https://twitter.com/_chiefagbabiaka/status/1915739024657928565 · Twitter Post
- https://twitter.com/twelvesec/status/1910118785047998677 · Twitter Post
- https://twitter.com/grok/status/1951575351404241140 · Twitter Post