Meta has issued a crucial advisory for Windows users of the WhatsApp messaging app, urging them to upgrade to the latest version to eliminate a serious vulnerability that could allow malicious actors to execute harmful code on their devices.

Identified as a spoofing issue and tracked under the identifier CVE-2025-30401, this security flaw poses a risk as attackers can exploit it by sending specially crafted files with manipulated file types to unsuspecting users. The vulnerability affects all versions of WhatsApp and has been addressed in the newly released WhatsApp 2.2450.6.

In a statement provided on Tuesday, WhatsApp explained, "A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment's filename extension." This means that a cleverly disguised attachment could lead to users unwittingly executing arbitrary code when they attempt to open it.

The flaw was discovered by an external researcher, who reported it through Meta's Bug Bounty program. As of now, it remains unclear whether the vulnerability has been exploited in active attacks.

This latest incident isn’t an isolated case. Back in July 2024, WhatsApp resolved a somewhat similar issue where Python and PHP files could be executed without adequate warnings on Windows systems where Python was installed.

As threats to user security continue to mount, WhatsApp has also been the target of numerous spyware attacks. Recently, researchers from the University of Toronto's Citizen Lab uncovered a zero-click, zero-day security vulnerability in WhatsApp that was used to deploy Paragon's Graphite spyware.

Last January, after addressing the security concern through server-side fixes, WhatsApp notified around 90 Android users across multiple countries—including journalists and activists in Italy—who had been specifically targeted in the Paragon spyware incidents.

Further highlighting the ongoing risks posed by spyware, a U.S. federal judge ruled last December that the Israeli cybersecurity company NSO Group had misused WhatsApp's vulnerabilities to deploy its notorious Pegasus spyware on at least 1,400 devices, thereby breaching U.S. hacking regulations.

For users, this continuous cycle of vulnerabilities and exploits serves as a stark reminder of the critical importance of keeping apps up to date and staying informed about security threats. Don’t be a victim; update WhatsApp now and safeguard your personal data!