A new cybersecurity alert has been issued by the Indian Computer Emergency Response Team (CERT-In) regarding a security vulnerability in WhatsApp Desktop. This flaw, identified as CVE-2025-30401, could allow hackers to execute arbitrary code and perform spoofing attacks on targeted computers.
The vulnerability stems from a misconfiguration between the MIME type and file extension, which could lead to improper handling of attachments. Cybercriminals could exploit this flaw by crafting malicious attachments that, when opened manually within WhatsApp, could execute harmful code1. This could potentially expose users to unauthorized access, data theft, and security breaches.
WhatsApp, owned by Meta, has acknowledged the issue and released a new version of its desktop application to address the vulnerability. While there is no evidence of exploitation in the wild, users are strongly advised to update their WhatsApp Desktop application to version 2.2450.6 or later to mitigate any potential risks.
To stay protected, users should:
➡Update WhatsApp Desktop to the latest version immediately.
➡Avoid opening attachments from unknown or suspicious sources.
➡Stay informed about cybersecurity threats and best practices.
Cybersecurity threats continue to evolve, and staying vigilant is key to protecting personal and professional data.
Get in touch
