Security News > 2025 > April > WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
2025-04-09 12:51
WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that makes all WhatsApp for Windows versions prior to v2.2450.6 display sent attachments according to their MIME (media) type – i.e., the metadata that says what kind of file it is: audio, image, message, text, application, etc. – but … More → The post WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2025/04/09/whatsapp-vulnerability-windows-cve-2025-30401/
Related news
- Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) (source)
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) (source)
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-05 | CVE-2025-30401 | Unspecified vulnerability in Whatsapp A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. | 0.0 |