New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity security advisory for WhatsApp Desktop users on Windows, warning of a critical vulnerability that could allow attackers to execute arbitrary code or carry out spoofing attacks, potentially compromising system security.
Table of Contents
Who Is Affected?
The vulnerability specifically targets WhatsApp Desktop for Windows versions earlier than 2.2450.6. According to CERT-In, the flaw arises from a misconfiguration between the MIME type and file extension, resulting in improper handling of attachments. This could allow a remote attacker to exploit the issue by sending a specially crafted file.
Threat Level and Risks
CERT-In has rated the vulnerability as “high” in severity, citing the potential for unauthorised access, data theft, or even complete system compromise. The flaw has been cataloged under CVE-2025-30401 and affects users who rely on the desktop version of WhatsApp for daily messaging, calling, and media sharing.
If an affected user opens a malicious file sent through WhatsApp, it could enable the attacker to run unauthorized code or impersonate system elements—posing a serious threat to both individual and organizational cybersecurity.
Government Advisory and Warning
The Indian cybersecurity agency emphasized that this is a remote-exploitable vulnerability, which means an attacker doesn’t require physical access to the device. Simply sending a malicious attachment could be enough to trigger the exploit once opened by the user.
The government has stressed the urgency of the matter, urging WhatsApp users to act immediately to mitigate potential damage.
What Users Should Do Now
To protect against this vulnerability, CERT-In has issued the following recommendations:
- Immediately update WhatsApp Desktop to version 2.2450.6 or later
- Visit the official WhatsApp security advisory page for detailed information
- Avoid opening unsolicited or suspicious attachments, even from known contacts
- Enable automatic updates to stay protected from future vulnerabilities
- Practice general cybersecurity hygiene, such as regular software updates and use of antivirus tools
Widespread Implications
With millions of users relying on WhatsApp Desktop for both personal and professional communications, this vulnerability serves as a reminder of the inherent risks in popular software platforms. CERT-In’s warning highlights the importance of staying updated and vigilant to prevent falling victim to cyberattacks.
