AI description
CVE-2025-30401 is a spoofing vulnerability that affects WhatsApp for Windows versions prior to 2.2450.6. The vulnerability lies in how WhatsApp handles file attachments. The application displays attachments according to their MIME type but selects the file opening handler based on the attachment's filename extension. This discrepancy could allow attackers to craft malicious files that appear harmless but, when manually opened by the user, could execute arbitrary code. A maliciously crafted attachment with a misleading filename and MIME type could trick the user into opening a file that contains arbitrary code.
- Description
- A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.
- Source
- cve-assign@fb.com
- NVD status
- Modified
CVSS 3.1
- Type
- Secondary
- Base score
- 6.7
- Impact score
- 5.5
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L
- Severity
- MEDIUM
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
16
- Para los que tengan Wha|sApp instalado en Windows, debéis de actualizar YA la aplicación ya que se ha corregido un fallo "Enorme" que permitía ejecución de código malicioso sólo modificando MIME engañando así a la aplicación y camuflando .exe en .jpeg. CVE-2025-30401
@c1b3rn30s
21 Jun 2025
5626 Impressions
43 Retweets
150 Likes
35 Bookmarks
1 Reply
3 Quotes
#Vulnerability #CVE202530401 WhatsApp for Windows Spoofing Vulnerability: Execute Code Risk (CVE-2025-30401) https://t.co/5yLrW0fpW8
@Komodosec
14 Jun 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ثغرة في واتساب لسطح المكتب (CVE-2025-30401) تم اكتشاف ثغرة أمنية حرجة في تطبيق واتساب لسطح المكتب على نظام ويندوز (للإصدارات السابقة للإصدار 2.2450.6)، تسمح للمهاجم
@bobo3750
6 Jun 2025
8 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 PERINGATAN KEAMANAN! 🚨 Telah ditemukan kerentanan pada WhatsApp Desktop (CVE-2025-30401) yang bisa dimanfaatkan oleh pihak tidak bertanggung jawab untuk menyebarkan malware lewat file lampiran! #CVE202530401 #KeamananDigital #WhatsAppDesktop #UpdateSekarang #PemprovKalb
@KominfoKalbar
31 May 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WhatsApp for Windows flaw (CVE-2025-30401) lets attackers run malicious code via crafted files. Update to 2.2450.6! Follow @ElusivePrivacy for more. Source: https://t.co/SBTAuc7Rm9
@ElusivePrivacy
14 May 2025
61 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
رسميًا: Meta تؤكد الثغرة خطيرة في WhatsApp – نسخة سطح المكتب (Windows): 🆔: CVE-2025-30401 تفاصيل الثغرة: تنفيذ أوامر عن بُعد (RCE) المتأثر: WhatsApp for Windows https://t.co/eUG5IMdMEa
@baselAbubakr
3 May 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
SECURITY ALERT ‼️ 🚨 A critical spoofing vulnerability (CVE-2025-30401) has been discovered in WhatsApp for Windows, related to how the app handles file attachments. Users are advised to update WhatsApp to the latest version to mitigate this risk. #NitdaCyberSecurityAler
@GoziconC
25 Apr 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
1 SECURITY ALERT ‼️ 🚨 A critical spoofing vulnerability (CVE-2025-30401) has been discovered in WhatsApp for Windows, related to how the app handles file attachments. Users are advised to update WhatsApp to the latest version to mitigate this risk. #NitdaCyberSecurityAl
@Journalist_Mind
25 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SECURITY ALERT from @NITDANigeria A critical spoofing vulnerability (CVE-2025-30401) has been discovered in WhatsApp for Windows, related to how the app handles file attachments. Users are advised to update WhatsApp to the latest version to mitigate this risk. Do not open https
@maryteeunique
25 Apr 2025
267 Impressions
3 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
SECURITY ALERT ‼️ 🚨 A critical spoofing vulnerability (CVE-2025-30401) has been discovered in WhatsApp for Windows, related to how the app handles file attachments. Users are advised to update WhatsApp to the latest version to mitigate this risk. @NITDANigeria @KashifuIn
@fattylincorn_01
25 Apr 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SECURITY ALERT ‼️ 🚨 A critical spoofing vulnerability (CVE-2025-30401) has been discovered in WhatsApp for Windows, related to how the app handles file attachments. Users are advised to update WhatsApp to the latest version to mitigate this risk. #NitdaCyberSecurityAlert http
@NITDANigeria
24 Apr 2025
1820 Impressions
26 Retweets
40 Likes
2 Bookmarks
0 Replies
0 Quotes
Our good old WhatsApp allows hackers to send surprise attachments. Due to the CVE-2025-30401 vulnerability, hackers can send viruses under the guise of completely harmless files. Stay safe and choose protected messaging solutions (e.g. TrueConf 😉) https://t.co/4IyI7MG7Rr
@OdintsovDim
23 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#WhatsApp corrige vulnerabilidad crítica (CVE-2025-30401) que permitía ejecutar código malicioso oculto en "imágenes". Importante actualizar a la versión 2.2450.6 o posterior en Windows. Los atacantes podían camuflar archivos .exe como fotos inofensivas https://t.co/23JkPxz9f3 ht
@henryraul
19 Apr 2025
315 Impressions
14 Retweets
14 Likes
1 Bookmark
0 Replies
1 Quote
النشرة الأمنية الصادرة عن مركز اليقظة والرصد والتصدي للهجمات المعلوماتية في المغرب كشفت أن الثغرة التي أطلق عليها اسم CVE-2025-30401 تتعلق بإصدارات واتساب الأقدم من نسخة 2.2450.6 #نوافذ_عربية https://t.co/srN7DWehxD
@nawafezarabia
17 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CybersecurityNEWS🔴👨💻👾 WhatsApp para Windows presenta la vulnerabilidad crítica CVE-2025-30401, un fallo en el manejo de archivos adjuntos que permite la ejecución remota de código (RCE). Ver más: https://t.co/dHmlHEik59 #ciberseguridad #DevelNews https://t.co/hXtfGEMvAX
@develsecurity
16 Apr 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 إدارة الدفاع الوطني نحذر المغاربة من ثغرة خطيرة تهدد مستخدمي تطبيق Whatsapp تطال الإصدارات الأقدم من 2.2450.6، على الحواسيب العاملة بنظام Windows. الحل: تحديث التطبيق فورا وفقا لنشرة الأمان الصادرة عن شركة META. المديرية العامة لأمن نظم المعلومات الرقم المرجعي CVE-2025-30401
@twit_sine
16 Apr 2025
3692 Impressions
17 Retweets
87 Likes
7 Bookmarks
5 Replies
1 Quote
Kritikus sebezhetőség a WhatsApp-ban! A Meta biztonsági csapata súlyos biztonsági rést fedezett fel a WhatsApp for Windows asztali alkalmazásában, amely CVE-2025-30401 azonosítót kapta. Ez a sérülékenység távoli kódfuttatást tesz lehetővé, ha a felhasználó a WhatsApp Desktopba…
@linuxmint_hun
14 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WhatsApp Desktop Vulnerability Could Facilitate Remote Code Execution 🚨 https://t.co/svCuVGLUZd A spoofing vulnerability (CVE-2025-30401) in WhatsApp for Windows could allow attackers to trick users into executing malicious code via crafted files. Update WhatsApp for
@Huntio
14 Apr 2025
413 Impressions
2 Retweets
7 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-30401 Whasapp https://t.co/NPeY5sIqlY
@Snoopy_nfo
14 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
آسیبپذیری واتساپ با شناسه CVE-2025-30401 آسیبپذیری اجرای کد از راه دور را ممکن می سازد! #Cybersecurity #Cybersecurity_News #اخبار_امنیت_سایبری #CVE_2025_30401 #Meta #واتساپ #WhatsApp #RCE https://t.co/hvGUpdsU5X
@vulnerbyte
12 Apr 2025
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
اگر رو ویندوزت نسخه Desktop واتساپ رو داری ، برو سریعا update کن. برای واتساپ نسخه Desktop ویندوز ، آسیب پذیری با کد شناسایی CVE-2025-30401 منتشر شده است که به هکرها امکان اجرای کد یا همان RCE را می دهد. https://t.co/Poz3aKYxT1 https://t.co/LxQhUIRoSk
@AmirHossein_sec
11 Apr 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 Breaking News: A newly discovered #WhatsApp vulnerability, CVE-2025-30401, threatens to unleash #malware on unsuspecting #Windows users! 🔗 https://t.co/TLPcoJi8OG
@WideWatchers
11 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Described as a spoofing issue and tracked as CVE-2025-30401. https://t.co/wzVqtRIhkz https://t.co/S3wMW0wC
@riskigy
11 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
أعلنت شركة "ميتا"، المالكة لتطبيق واتساب، عن اكتشاف ثغرة أمنية خطيرة تؤثر على تطبيق واتساب على نظام التشغيل ويندوز، تحت المعرف CVE-2025-30401. تكمن هذه الثغرة في كيفية تعامل التطبيق مع المرفقات، حيث يتم عرض الملف وفق نوعه (MIME type)، بينما يتم فتحه باستخدام البرنامج المرتبط http
@hespress
11 Apr 2025
1505 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
A recently disclosed vulnerability in WhatsApp for Windows, identified as CVE-2025-30401, allowed attackers to disguise malicious files as harmless attachments #CyberSecurity #ZeroDay #StaySafeOnline https://t.co/uyOr98cISt
@TAAUSLLC
10 Apr 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This week's major security updates: Fortinet patched a critical FortiSwitch flaw (CVE-2024-48887, 9.8 CVSS), WhatsApp fixed a malware trick (CVE-2025-30401), SAP addressed code injection (CVE-2025-27429, CVE-2025-31330) & auth bypass (CVE-2025-30016).
@CyberWatch_News
10 Apr 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 WhatsApp Vulnerability CVE-2025-30401 🔐 A critical security flaw in WhatsApp’s Windows app (CVE-2025-30401) was discovered on April 9, 2025. This vulnerability allows attackers to exploit a file-handling issue, potentially enabling remote code execution. 💥 Key Points: •
@CipherGuardians
9 Apr 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📱 WhatsApp patched CVE-2025-30401—a spoofing flaw in Windows app (pre-2.2450.6) letting attackers disguise malicious files as safe images. Could lead to remote code execution. Update now! 🔐 https://t.co/w4fuEt8aSU #CyberSecurity #WhatsApp
@dCypherIO
9 Apr 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
مهم!⚠️ اگه از نسخه دسکتاپ واتساپ روی ویندوز استفاده میکنید، فوری آپدیت کنید! یه باگ (CVE-2025-30401) توی نسخههای قدیمی باعث میشه هکرها بتونن بدافزار رو در قالب فایل عکس جعلی بفرستن. کلیک روی اون عکس میتونه اطلاعاتتون رو به خطر بندازه یا کنترل کامپیوترتون رو به هکر بده. 💻🔓
@behradj92
9 Apr 2025
91 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical flaw in WhatsApp for Windows (CVE-2025-30401) allows hackers to disguise malware in file attachments. Users need to update to the latest version to stay protected. 🛡️💻 #WhatsApp #Malware #USA link: https://t.co/0n26PzfDBj https://t.co/7oD5kTkfGr
@TweetThreatNews
9 Apr 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Security Advisory: The National Security Operations Centre (NSOC) is advising the public to a vulnerability in WhatsApp Desktop for Windows (CVE-2025-30401) that allows attackers to disguise malicious files as harmless attachments. 🛡️ https://t.co/SFZ9P6Jkgt
@cirtgovjm
9 Apr 2025
165 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🗞️ WhatsApp Flaw Exposes Windows PCs to Remote Malware Execution A new WhatsApp flaw (CVE-2025-30401) lets attackers run malicious code on Windows PCs via spoofed file attachments. Update to version 2.2450.6 now to stay safe! Meta patched it after a researcher’s tip, but there
@gossy_84
9 Apr 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CVE-2025-30401 exposes WhatsApp for Windows users to spoofing attacks & arbitrary code execution via crafted attachments. Update to v2.2450.6 now! Details: https://t.co/t5WzkxZacG #CyberSecurity #InfoSec #WhatsAppVulnerability
@threatsbank
9 Apr 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔨WhatsApp、リモートコード実行を容易にする脆弱性を修正(CVE-2025-30401) 📱GoogleがAndroidのゼロデイ脆弱性2件を修正、悪用された可能性についても言及(CVE-2024-53197、CVE-2024-53150) 〜サイバーアラート 4月9日〜 https://t.co/ohAKKImzR7 #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
9 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WhatsApp has fixed a spoofing flaw (CVE-2025-30401) that could allow remote code execution on Windows versions before 2.2450.6, as attackers could send files with deceptive MIME types to trick users. #Cybersecurity https://t.co/y6ASIJYJqf
@Cyber_O51NT
9 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Metaは2025年4月8日、Windows版WhatsAppに存在する重大な脆弱性(CVE-2025-30401)を公表しました。この脆弱性はバージョン2.2450.6より前のすべてのWindows版WhatsAppに影響し、ファイル添付機能の処理方法に関するバグに起因しています。 https://t.co/xIHX9qhuLU https://t.co/wItux5Y3mn
@quickshield_jp
8 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
https://t.co/odMPSj4BCy 📌 The spoofing vulnerability, officially tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6 and poses a significant risk to users who interact with attachments sent through the platform. https://t.co/Q7I2OI
@Yesyoucan25519
8 Apr 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Meta ha avvisato gli utenti #Windows di aggiornare l'app di messaggistica #WhatsApp all'ultima versione per correggere una vulnerabilità CVE-2025-30401 che potrebbe consentire agli aggressori di eseguire codice dannoso sui loro dispositivi https://t.co/SnXdW8fMOl https://t.co/z
@techworldaleant
8 Apr 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 #WhatsApp for #Windows, Spoofing Vulnerability, #CVE-2025-30401 (Critical) https://t.co/ToD6wU1Llg
@dailycve
8 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️¿Usas WhatsApp en Windows para compartir archivos? Podrías infectarte de malware sin saberlo Meta confirmó una vulnerabilidad en WhatsApp para Windows (CVE-2025-30401). Permite ejecutar código malicioso si se abre un archivo con extensión manipulada. 📎 El fallo permitía h
@CycuraMX
8 Apr 2025
5416 Impressions
52 Retweets
98 Likes
40 Bookmarks
0 Replies
3 Quotes
A serious #WhatsApp vulnerability (CVE-2025-30401) allows spoofed file attachments to execute malicious code on Windows. Affected versions: <2.2450.6. Update now. Details 👇 https://t.co/t5WzkxZacG #Cybersecurity #InfoSec
@threatsbank
8 Apr 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WhatsApp for Windows Spoofing Vulnerability: Execute Code Risk (CVE-2025-30401). https://t.co/I6R35ku4EX https://t.co/BVv7FddLcz
@info_lfd
8 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WhatsApp, de plus en plus utilisé sur PC, confronté à une nouvelle vulnérabilité (CVE-2025-30401). Un problème d'usurpation dans les versions antérieures à 2.2450.6 pourrait piéger les utilisateurs avec du code malveillant via des pièces jointes. Mettez à jour ! #Cybersécurité
@_F2po_
6 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-30401 A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on t… https://t.co/qScLjjfXUA
@CVEnew
5 Apr 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-30401 | Facebook WhatsApp Desktop 0.3.3793/0.3.4932/0.3.9309 on Windows Attachment wrong handler) has been published on https://t.co/KNxLY0w3Eu
@WolfgangSesin
5 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "2A3F57F6-8A7D-4EF5-9473-A36DF09278D0",
"versionEndExcluding": "2.2450.6"
}
],
"operator": "OR"
}
]
}
]