WhatsAppdespite the interest that its huge user base awakens in cybercounts, it has a history quite solid of security. The ‘risks’ that the app has mainly come from the methods that scams have to manipulate and deceive the victims, but Not so much for security failures on the platform. To that contributes the rewards program by bugs discovery or finishing errors, BOUPY PROGRAM GOALwhich pays independent security researchers to identify and report vulnerabilities on their platforms. It has been through this program that has been discovered A vulnerability that affects the users of the app for Windows, present since its first version launched in 2016, and has now been solved.
Goal has warned Windows users on Tuesday to Update the WhatsApp application to the most recent version and correct this vulnerability that allows attackers Execute malicious code on your computers. Goal points out that vulnerability affects All WhatsApp versions for Windows launched in these 9 years and that is solved in the last one, WhatsApp 2,2450.6which is why it is necessary to update it.
The NVD (National Vulnerabilities Database, for its acronym in English) has included this Tuesday, registered as CVE-2025-30401and describe it as a falsification problem (Spoofing, a deception or manipulation technique to make something look like what is not). This vulnerability can be exploited by attackers by sending manipulated files With altered file types to possible victims.
This was done taking advantage of the protocol Mime (Initials in English of multipurpose internet email) of digital communications such as emails, web browsers or messaging applications. This is a standard indicating the nature and format of a file so that the system or application knows how to interpret and manage it.
‘A problem of falsification at WhatsApp for Windows, in versions prior to 2,2450.6, It showed the attachments according to its mime type, but chose the program to open the file according to the extension of the name‘, explained WhatsApp on the notice published Tuesday.
‘An intentionally manipulated discrepancy could have caused the recipient will inadvertently execute arbitrary code instead of visualizing the attached file When opening it manually inside WhatsApp ‘, he adds.
WhatsApp users through the Windows app can be updated from the Microsoft Store.