#VU107341 Spoofing attack in WhatsApp for Desktop (Windows) - CVE-2025-30401
Published: April 10, 2025
Vulnerability identifier: #VU107341
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-30401
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
WhatsApp for Desktop (Windows)
WhatsApp for Desktop (Windows)
Software vendor:
WhatsApp
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to incorrect processing of attachments within the application. The interface showed the attachment type based on its MIME type, however selected the file opening handler based on the attachment’s filename extension. A remote attacker can trick the victim into opening a specially crafted attachment file and execute arbitrary code on the system.
Remediation
Install updates from vendor's website.