WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments

“A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” stated the official advisory from Facebook, WhatsApp’s parent company. The spoofing vulnerability, officially tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior to 2.2450.6 and poses a significant risk to users who interact with attachments sent through the platform.

An attacker could craft a file with a misleading combination of MIME type and filename extension, causing users to inadvertently execute arbitrary code when manually opening what appeared to be a harmless attachment. A cybercriminal could send what appears to be a standard image file within WhatsApp, but the attachment might actually have an executable extension. When the recipient opens this attachment directly from within WhatsApp, instead of viewing an image, they would unknowingly execute potentially malicious code. Security analysts note that this vulnerability is particularly dangerous in group chat scenarios, where malicious attachments could reach multiple victims simultaneously.

Users of WhatsApp for Windows are strongly encouraged to update their applications immediately to version 2.2450.6 or later, which addresses the spoofing vulnerability.

In 2024, security researcher Saumyajeet Das discovered a separate vulnerability in WhatsApp for Windows that allowed the execution of Python and PHP scripts without warning when opened.
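A defensive check for the MIME type and extension mismatch described above, as an added example (not WhatsApp's code or its fix): it classifies an attachment by the filename extension that Windows acts on when the file is opened, instead of trusting the declared MIME type. The type tables, function names and sample attachments are constructed for illustration.

```python
import os

# Constructed, deliberately small tables for illustration; a real deployment
# would maintain its own allow-list of viewable types.
VIEWABLE = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "video/mp4": {".mp4"},
}
# Extensions Windows hands to a loader or interpreter rather than a viewer.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".js", ".vbs",
                   ".ps1", ".msi", ".lnk", ".py", ".php"}


def effective_extension(filename):
    """Return the extension Windows would act on when the file is opened."""
    # Drop path components, then the trailing dots/spaces Windows ignores.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return os.path.splitext(name)[1].lower()


def check_attachment(declared_mime, filename):
    """Classify an attachment as 'ok', 'mismatch' or 'block'."""
    mime = declared_mime.split(";", 1)[0].strip().lower()
    ext = effective_extension(filename)
    if ext in EXECUTABLE_EXTS:
        # Previewed by MIME type but opened by extension: the risky case.
        return "block"
    if ext not in VIEWABLE.get(mime, set()):
        return "mismatch"
    return "ok"


# Constructed sample attachments: (declared MIME type, filename).
SAMPLES = [
    ("image/jpeg", "holiday.jpg"),
    ("image/jpeg", "holiday.jpg.exe"),
    ("image/png", "invoice.pdf"),
    ("image/jpeg; charset=binary", "photo.JPG"),
    ("image/png", "chart.png.scr. "),
]

if __name__ == "__main__":
    for mime, name in SAMPLES:
        print(f"{check_attachment(mime, name):8} {mime!r} {name!r}")
```
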

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 08 Apr 2025 05:50:14 +0000


Cyber News related to WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments

WhatsApp flaw can let attackers run malicious code on Windows PCs - On January 31, after mitigating the security issue server-side, WhatsApp alerted roughly 90 Android users from over two dozen countries, including Italian journalists and activists who were targeted in Paragon spyware attacks using the zero-click ...
1 month ago Bleepingcomputer.com CVE-2025-30401
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users - Meta filed the lawsuit against NSO Group on October 29, 2019, in the U.S. District Court for the Northern District of California, alleging that NSO had exploited a vulnerability in WhatsApp's calling feature to deliver its Pegasus spyware to ...
3 weeks ago Bleepingcomputer.com CVE-2019-3568
WhatsApp's new Advanced Chat Privacy protects sensitive messages - "Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp ...
1 month ago Bleepingcomputer.com
WhatsApp Hit with €55 Million Fine for Privacy Violations - WhatsApp is facing a €55 million privacy-related fine from the European Union’s data protection authority for allegedly violating the region's data protection laws. ...
2 years ago Thehackernews.com
WhatsApp's Meta AI is now rolling out in Europe, and it can't be turned off - The chatbot built into WhatsApp is not as powerful as Meta AI's web app, but it can answer your questions, reply with a large chunk of text, share links from Bing, and even create images. On March 19, WhatsApp owner Meta announced that a variety ...
2 months ago Bleepingcomputer.com
WhatsApp's new Secret Code feature hides your locked chats - WhatsApp has introduced a new Secret Code feature that allows users to hide their locked chats by setting a custom password. After it reaches your device, you can set a code specifically for securing locked chats independent from the device unlock ...
1 year ago Bleepingcomputer.com
WhatsApp Secret Code Feature Lets Users Set Unique Passwords - WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret Code feature provides additional protection to ensure users' private conversations remain secure and protected from unauthorized access. WhatsApp has ...
1 year ago Cybersecuritynews.com
US Jury Orders NSO Group to Pay $168 Million to WhatsApp - Meta hailed the verdict as a milestone for digital privacy and security, stating, “Today’s verdict in the WhatsApp case marks a significant advancement for privacy and security, representing the first triumph against the creation and utilization ...
3 weeks ago Cybersecuritynews.com
WhatsApp Fined €5.5 Million for Enforcing Data Processing Update - Heimdal Security recently reported that WhatsApp, the world’s most popular messaging service, has been fined €5.5 million by the Italian Data Protection Authority (GPDR) for violating user privacy. According to the report, the WhatsApp ...
2 years ago Heimdalsecurity.com
WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps - Despite WhatsApp working on its interoperability plan for more than a year, it will still take some time for third-party chats to hit people's apps. Messaging companies that want to interoperate with WhatsApp or Messenger will need to sign an ...
1 year ago Wired.com
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature - In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further ...
1 year ago Cysecurity.news
WhatsApp, Slack, Teams, and other messaging platforms face constant security risks - 42% of businesses report employees with BYOD devices in business settings that use tools like WhatsApp have led to new security incidents, according to SafeGuard Cyber. Messaging platforms like WhatsApp, Telegram, Slack, and Teams face constant ...
1 year ago Helpnetsecurity.com
Jury orders NSO Group to pay $168 million to WhatsApp for facilitating Pegasus hacks of its users | The Record from Recorded Future News - NSO’s case was severely hampered by its inability to offer the court any details of its clients' aims in the attacks, prompting Northern California federal judge Phyllis Hamilton to bar the spyware firm from presenting any evidence related to ...
3 weeks ago Therecord.media
Microsoft OneNote Attachments are Now being Used by Hackers to Spread Malware - According to researchers, hackers are now using Microsoft OneNote attachments as a way to spread malicious software. This is the latest tactic in a long line of malicious actors attempting to infiltrate computers and networks with malicious code. ...
2 years ago Bleepingcomputer.com
CVE-2019-3568 - A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android ...
2 months ago
Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets - Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed ...
2 months ago Cybersecuritynews.com
CVE-2021-24042 - The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop ...
3 years ago
WhatsApp unveils 'Private Processing' for cloud-based AI features - Next, the user's device sends an end-to-end encrypted request for AI data processing using an ephemeral encryption key, which is processed inside a Confidential Virtual Machine (CVM) isolated from Meta. WhatsApp has announced the introduction of ...
1 month ago Bleepingcomputer.com
CVE-2018-6350 - An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, ...
5 years ago
Italian Data Protection Authority Fines WhatsApp €5.5 Million - The Italian Data Protection Authority (DPA) has fined WhatsApp €5.5 million as a result of violations of the European Union’s General Data Protection Regulation (GDPR). ...
2 years ago Securityaffairs.com
WhatsApp’s New Advanced Chat Privacy Feature to Protect Sensitive Conversations - Available for both one-on-one and group chats, Advanced Chat Privacy empowers users to block others from exporting chat histories, automatically downloading shared media, and using messages for AI features. While Advanced Chat Privacy significantly ...
1 month ago Cybersecuritynews.com
Attack of the copycats: How impostor apps and fake app mods could bite you - Instant communication services are among the most popular apps on iOS and Android alike - US non-profit operation Signal has an estimated 40 million users, with the figure rising to 700 million for Telegram, another open-source messaging service. ...
1 year ago Welivesecurity.com
CVE-2021-24043 - A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, and WhatsApp Desktop v2.2145.0 could have allowed ...
3 years ago
CVE-2020-1907 - A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 ...
4 years ago