in context: WhatsApp is one of the most popular communication platforms of all time with around three billion users worldwide. This means that even a little safety defect in the app can cause a serious risk for many people.
Meta updated the Microsoft Store version of its WhatsApp app recently to patch the potentially dangerous safety vulnerability discovered by external researchers. According to WhatsApp security advisor, defects could be exploited to run malicious code on a PC, which affects the versions of WhatsApp for Windows before 2.2450.6.
The issue tracked as CVE-2025-30401, Windows app stems from how the file attachment has handled. In particular, WhatsApp trusted the file extension to determine how to open the attachment. Unlike mime types, file extensions can be misleading, potentially users can trick users to execute arbitrary, malicious code while opening a file within WhatsApp.
A careful mismatch can be led to a codes execution between the file extension of an attachment and its mime type, the advisor explained. Meta did not name the external researcher, who discovered vulnerability, although it is likely that he was rewarded through a company’s bug bounty program.
Microsoft Store apps are usually updated automatically, so a new version of the WhatsApp app must now be available with a fix for CVE-2015-30401 vulnerability. The app currently holds a 4.7 of the five, which describes the meta as a “100% free” messaging platform used by more than two billion people in more than 180 countries.
WhatsApp is definitely useful for work, fun and personal communication, although it is not clear that users must be forced to install a dedicated Windows app when service runs quite well in a browser when the service runs quite well. Just two years ago, the users were giving the sound of disappointment with the meta on the misleading and bloated app, which were forced to download, especially when compared to the original desktop client.
In my experience, the so -called “native” Windows apps from the Microsoft Store are often lower than the poorly customized shells wrapped around a browser engine. To make cases worse, they ignore basic security hygiene. Modern web browsers on windows include underlying security that can mark issues such as CVE-2015-30401 more easily. Additionally, Windows originally provides a safety layer known as the Mark of the Web, which warns users about potentially dangerous “internet files”.
