138/68 Thursday, April 10, 2025

WhatsApp has released a patch for a newly discovered vulnerability, CVE-2025-30401, affecting WhatsApp for Windows versions prior to 2.2450.6. This spoofing vulnerability allows attackers to send malicious file attachments disguised with a fake MIME type, tricking users into believing the files are safe—such as images or documents—when in reality, opening them could result in remote code execution (RCE). The issue stems from a mismatch between MIME type and file extension during the file handling process.
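
The mismatch described above can be checked at a mail, chat or file gateway before an attachment reaches the user. The sketch below is an added example, not WhatsApp's or Meta's code: it compares the MIME type a sender declares with the extension Windows would use to choose a handler. The extension and MIME tables, function names and verdict labels are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any platform

# Constructed policy tables (assumptions for this example, not from the advisory).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs",
                   ".js", ".jse", ".wsf", ".hta", ".msi", ".lnk", ".pif",
                   ".py", ".php", ".jar"}
MIME_EXTS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "text/plain": {".txt"},
}


def effective_ext(filename):
    """Extension Windows uses to pick a handler: the last suffix, lowercased,
    after removing the trailing dots and spaces that Win32 path handling drops."""
    name = ntpath.basename(filename).rstrip(". ")
    return ntpath.splitext(name)[1].lower()


def check_attachment(declared_mime, filename):
    """Return (verdict, reason); verdict is 'allow', 'warn' or 'block'."""
    mime = declared_mime.split(";")[0].strip().lower()  # drop parameters
    ext = effective_ext(filename)
    expected = MIME_EXTS.get(mime)
    if ext in EXECUTABLE_EXTS:
        if expected is not None:
            # Shown to the user as a harmless type, opened as code.
            return "block", f"declared {mime} but {ext} opens as executable content"
        return "warn", f"{ext} is executable content"
    if expected is None:
        return "warn", f"no extension policy for MIME type {mime!r}"
    if ext not in expected:
        return "warn", f"declared {mime} but extension is {ext or '(none)'}"
    return "allow", "declared type and extension agree"


if __name__ == "__main__":
    # Constructed sample attachments: (declared MIME type, filename).
    samples = [("image/jpeg", "holiday.jpg"),
               ("image/jpeg", "holiday.jpg.exe"),
               ("application/pdf", "invoice.scr. "),
               ("image/jpeg", "photo.png")]
    for mime, name in samples:
        print(f"{name!r:22} {mime:18} -> {check_attachment(mime, name)}")
```
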
According to Meta, this flaw could be exploited in highly targeted attacks, similar to previous campaigns involving Paragon spyware (Graphite). In those cases, attackers used zero-click, zero-day vulnerabilities to compromise the devices of journalists and activists by sending infected PDFs via group chats, without any user interaction required. The campaign was documented by Citizen Lab, whose investigation led to the termination of the attack and immediate notification of affected users.
Given its massive user base and perceived trustworthiness, WhatsApp remains a high-value target for threat actors driven by financial or political motives. Zero-day vulnerabilities capable of exploiting WhatsApp are highly sought after on the black market, as they can grant direct access to users’ private data or control over their devices. WhatsApp strongly urges all users to update to the latest version immediately and to avoid opening file attachments from untrusted sources, in order to safeguard personal data and device security.