Users are strongly advised to verify their current version of WhatsApp Desktop and update to version 2.2450.6 or later, which includes a patch for the issue.
The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security advisory for users of WhatsApp Desktop on Windows, warning of a critical vulnerability that could allow attackers to execute arbitrary code or launch spoofing attacks.
The flaw, identified as CVE-2025-30401, affects WhatsApp Desktop versions prior to 2.2450.6. According to CERT-In, the issue stems from a misconfiguration between an attachment's MIME type and its file extension. This mismatch can result in improper handling of attachments, potentially giving attackers the opportunity to compromise system integrity when a user opens a malicious file.
“This vulnerability could allow remote attackers to execute arbitrary code or perform spoofing attacks by sending specially crafted attachments that trigger the flaw when opened manually in WhatsApp,” the advisory stated.
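The mismatch CERT-In describes can be checked for wherever attachment metadata is available, for example at a mail or messaging gateway. The following is an added example, not code from WhatsApp or CERT-In: it compares an attachment's declared MIME type with the extension in its file name and flags disagreements. The extension tables, verdict names and sample metadata are assumptions constructed for illustration.

```python
import ntpath

# Passive content types keyed by extension (illustrative subset chosen for this example).
EXT_TO_MIME = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".pdf": "application/pdf", ".txt": "text/plain", ".mp4": "video/mp4",
}
PASSIVE_MIMES = set(EXT_TO_MIME.values())
# Extensions Windows hands to an executable or script handler (illustrative subset).
RUNNABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi",
                 ".ps1", ".vbs", ".js", ".hta", ".lnk"}

def effective_extension(filename):
    """Return the extension Windows would act on: last suffix, lower-cased."""
    # Windows drops trailing dots and spaces from file names, so strip them first.
    name = ntpath.basename(filename).rstrip(". ")
    return ntpath.splitext(name)[1].lower()

def classify(filename, declared_mime):
    """Compare the declared MIME type with what the file name implies."""
    ext = effective_extension(filename)
    declared = declared_mime.split(";", 1)[0].strip().lower()  # drop parameters
    if ext in RUNNABLE_EXTS:
        # Worst case: labelled as a document or media file, but the name is runnable.
        return "mismatch-runnable" if declared in PASSIVE_MIMES else "runnable"
    expected = EXT_TO_MIME.get(ext)
    if expected is None:
        return "unknown-extension"
    return "consistent" if expected == declared else "mismatch"

def flagged(samples):
    """Return (name, verdict) for every sample whose name and MIME type disagree."""
    results = [(name, classify(name, mime)) for name, mime in samples]
    return [(name, verdict) for name, verdict in results if verdict.startswith("mismatch")]

# Constructed sample metadata (file name, declared MIME type); not real attachments.
SAMPLES = [
    ("holiday.jpg", "image/jpeg"),
    ("report.pdf", "application/pdf; name=report.pdf"),
    ("scan.PDF", "image/png"),
    ("photo.exe", "image/jpeg"),
    ("notes.cmd. ", "text/plain"),
    ("setup.exe", "application/x-msdownload"),
    ("data.bin", "application/octet-stream"),
]

if __name__ == "__main__":
    for name, verdict in flagged(SAMPLES):
        print(f"{verdict:18} {name!r}")
```

A `mismatch-runnable` verdict is the case to quarantine or alert on; a plain `mismatch` is worth a second look but may simply be a mislabelled file.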
Due to the nature of the flaw and the widespread use of WhatsApp — not only for personal communication but increasingly in professional contexts — CERT-In has classified the threat as “high” in severity. The vulnerability could lead to data theft, impersonation, or even full control of the affected system if exploited successfully.
The flaw serves as a reminder of the risks associated with software misconfigurations, particularly in widely used applications that handle files and media.
Users are strongly advised to verify their current version of WhatsApp Desktop and update to version 2.2450.6 or later, which includes a patch for the issue. WhatsApp has addressed the flaw and published a security advisory on its official website: https://www.whatsapp.com/security/advisories/2025.
In addition to updating the application, cybersecurity experts recommend avoiding unsolicited attachments, even if they appear to come from trusted contacts. Maintaining updated software and following basic cybersecurity practices, such as not clicking on unknown files and regularly checking for updates, can help reduce exposure to such vulnerabilities.
CERT-In’s alert is part of a broader effort to enhance awareness around digital threats and encourage proactive measures in the face of evolving cyber risks.

