WhatsApp Desktop Vulnerability Warning

India’s cybersecurity agency, CERT-In (Computer Emergency Response Team), has raised an urgent alert regarding a major vulnerability within WhatsApp Desktop, which could enable hackers to access personal information or seize full control of the compromised systems.

Critical Vulnerability Details

The identified flaw, named CVE-2025-30401, impacts WhatsApp Desktop for Windows versions earlier than 2.2450.6. As per the advisory, the vulnerability arises due to a misconfiguration involving MIME types and file extensions, resulting in the incorrect handling of file attachments. Consequently, this could permit cybercriminals to embed malicious software in files that appear benign, such as images, which could execute harmful code if opened manually within WhatsApp.

Official Statement from Meta

Meta, the parent company of WhatsApp, stated in its security notice that a “maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment.”

Who is Affected?

The vulnerability primarily threatens users who have installed WhatsApp Desktop on Windows devices. CERT-In warns that effective exploitation could result in spoofing attacks, unauthorized access to data, or complete system takeover. Given that over 400 million individuals use WhatsApp in India, the potential impact is extensive.

How to Protect Yourself

Both WhatsApp and CERT-In have recommended that users take the following precautionary actions as soon as possible:

• Upgrade to the latest WhatsApp Desktop version (2.2450.6 or later) via the Microsoft Store.
• Refrain from opening any questionable or unfamiliar file attachments received through WhatsApp Desktop.
• Ensure that your operating system and antivirus software are up to date to provide optimal protection.
• Avoid clicking on untrusted links or downloading files from unofficial sources.
• Only download updates from reliable platforms such as the WhatsApp website or the Microsoft Store.