Threat actors could leverage a recently addressed WhatsApp Desktop for Windows spoofing flaw, tracked as CVE-2025-30401, to distribute trojanized attachments facilitating the execution of malicious code, reports The Register.
The vulnerability, which affects WhatsApp Desktop for Windows versions earlier than 2.2450.6, stems from the app's faulty handling of file attachments, which allows malicious code to be concealed, according to WhatsApp parent firm Meta. "A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp," said Meta. Black Duck Managing Security Consultant Adam Brown emphasized the severity of the vulnerability for ordinary users. "A malicious attachment could be used for data theft, running malware or spreading it, account and identity theft, or anything a nefarious actor chooses. Everyone should be careful when clicking on attachments, even from people they know, and Windows users of WhatsApp should be especially vigilant," Brown added.