WhatsApp flaw can let attackers run malicious code on Windows PCs

Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Described as a spoofing issue and tracked as CVE-2025-30401, this security flaw can be exploited by attackers by sending maliciously crafted files with altered file types to potential targets. Meta says the vulnerability impacted all WhatsApp versions and has been fixed with the release of WhatsApp 2.2450.6. "A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment's filename extension," WhatsApp explained in a Tuesday advisory. "A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp." Meta says an external researcher found and reported the flaw via a Meta Bu ... Read full article.