A critical security vulnerability identified in WhatsApp for Windows has exposed millions of users to potential financial fraud and data theft through manipulated image files. The vulnerability, designated as CVE-2025-30401, affects WhatsApp versions prior to v2.2450.6 and allows attackers to execute malicious code by exploiting how the application handles file attachments.
Meta, WhatsApp’s parent company, has classified this as a spoofing issue where attachments display based on MIME type but execute according to filename extensions. This mismatch permits cybercriminals to disguise harmful scripts as innocent image files, which activate upon opening. With end-to-end encryption protecting normal message content, attackers now target vulnerabilities in image handling to bypass security. The vulnerability’s gravity is exemplified by a recent incident in Madhya Pradesh, where a user lost ₹2 lakh after merely opening a compromised image file.
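A defender-side check for the mismatch described above, as an added example that is not WhatsApp's or Meta's code: it compares an attachment's declared MIME type with the extension Windows would act on and with the file's leading bytes. The function name, extension lists, finding labels and sample attachments are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Extensions Windows runs or interprets instead of displaying (illustrative, not exhaustive).
RUNNABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi", ".lnk",
                 ".js", ".vbs", ".hta", ".ps1", ".py", ".jar"}

# Extensions and leading bytes expected for each declared image MIME type.
EXPECTED = {
    "image/jpeg": ({".jpg", ".jpeg"}, (b"\xff\xd8\xff",)),
    "image/png": ({".png"}, (b"\x89PNG\r\n\x1a\n",)),
    "image/gif": ({".gif"}, (b"GIF87a", b"GIF89a")),
}

def check_attachment(declared_mime, filename, head):
    """Return a list of findings; an empty list means type, name and content agree."""
    findings = []
    mime = declared_mime.split(";")[0].strip().lower()
    # Windows drops trailing dots and spaces, so "a.exe. " opens as "a.exe".
    ext = PureWindowsPath(filename.rstrip(". ")).suffix.lower()
    if ext in RUNNABLE_EXTS:
        findings.append("runnable-extension")
    if mime in EXPECTED:
        exts, signatures = EXPECTED[mime]
        if ext not in exts:
            findings.append("mime-extension-mismatch")
        if not head.startswith(signatures):
            findings.append("content-signature-mismatch")
    return findings

# Constructed sample attachments: (declared MIME type, filename, first bytes of the file).
SAMPLES = [
    ("image/jpeg", "holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("image/jpeg", "holiday.jpg.exe", b"MZ\x90\x00\x03\x00"),
    ("image/png", "scan.png", b"MZ\x90\x00\x03\x00"),
    ("image/jpeg", "photo.exe. ", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
]

if __name__ == "__main__":
    for mime, name, head in SAMPLES:
        print(f"{name!r:20} {mime:12} {check_attachment(mime, name, head) or 'ok'}")
```

A mail or file gateway could quarantine any attachment for which the list is non-empty, since a preview driven by the MIME type alone would show all four samples as images.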
The technical exploitation occurs without requiring suspicious links or application downloads, making it particularly hazardous. When users open infected images, malware silently installs in the background, gaining permissions to read messages and monitor device activities. This malicious software particularly targets one-time passwords and security verification codes used in banking transactions, facilitating unauthorized financial operations without direct sharing of banking credentials. The Smart Firewall feature in Norton can help detect and block such suspicious network activities.
Attackers employ sophisticated social engineering tactics, presenting harmful images as urgent or personal content from both unknown numbers and compromised contacts. The attack’s effectiveness stems from its ability to bypass traditional security awareness training, as it doesn’t rely on suspicious external links or obvious scam indicators. The malware’s stealthy nature makes detection challenging for average users, as it leaves minimal traces of its presence. Initial discovery of the vulnerability came through Meta Bug Bounty program submissions.
To protect against this threat, WhatsApp users must update their applications immediately; Windows users in particular should upgrade to version v2.2450.6 or newer. Security experts recommend verifying sender identity through secondary channels before opening attachments, even from familiar contacts. Regular security updates and increased awareness of current threats remain crucial in preventing unauthorized access and financial losses through this sophisticated attack vector.