Main Vulnerability Database SB2025041018

SB2025041018 - Remote code execution in WhatsApp for Windows

Published: April 10, 2025

Security Bulletin ID SB2025041018

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Spoofing attack (CVE-ID: CVE-2025-30401)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to incorrect processing of attachments within the application. The interface showed the attachment type based on its MIME type, however selected the file opening handler based on the attachment’s filename extension. A remote attacker can trick the victim into opening a specially crafted attachment file and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

https://www.facebook.com/security/advisories/cve-2025-30401
https://www.whatsapp.com/security/advisories/2025/