New WhatsApp Bug Lets Hackers Launch Malware via Fake Attachments (CVE-2025-30401)
A newly discovered critical security flaw in WhatsApp Desktop for Windows is raising alarms in the cybersecurity world. Tracked as CVE-2025-30401 , the bug allows attackers to disguise malicious code as harmless file attachments , tricking users into executing malware with a single click. What’s the Threat? The vulnerability affects all WhatsApp Desktop for Windows versions prior to 2.2450.6 . It stems from a flaw in how the app mismatches MIME types and file extensions — essentially, what the app shows you doesn’t match how the file is executed by your system. For example, a file may appear to be an image ( .jpg ) in the chat interface, but behind the scenes, it might actually be an executable file ( .exe ) designed to run malicious code. Technical Breakdown Here’s what makes this bug so dangerous: Risk Factor Details CVE ID CVE-2025-30401 Severity High (CVSS 3.1) Impact Arbitrary code execution Affected Versions WhatsApp Desktop for Windows versions before 2.2450.6 Attac...