Security News > 2025 > April > WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)

WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that makes all WhatsApp for Windows versions prior to v2.2450.6 display sent attachments according to their MIME (media) type – i.e., the metadata that says what kind of file it is: audio, image, message, text, application, etc. – but … More → The post WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2025/04/09/whatsapp-vulnerability-windows-cve-2025-30401/
Related news
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- WhatsApp flaw can let attackers run malicious code on Windows PCs (source)
- Don't open that JPEG in WhatsApp for Windows. It might be an .EXE (source)
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Microsoft Patches 125 Flaws Including Actively Exploited Windows CLFS Vulnerability (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) (source)
- CVE fallout: The splintering of the standard vulnerability tracking system has begun (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-05 | CVE-2025-30401 | Unspecified vulnerability in Whatsapp A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. | 0.0 |