
India’s cybersecurity agency, CERT-In (Computer Emergency Response Team), has issued a high-severity warning for users of WhatsApp Desktop, highlighting a critical vulnerability that could allow hackers to steal personal data or take full control of affected systems.
The flaw, identified as CVE-2025-30401, affects WhatsApp Desktop for Windows versions prior to 2.2450.6. According to the advisory, the vulnerability stems from a misconfiguration between MIME types and file extensions, which leads to the improper handling of attachments. This could allow attackers to embed malware within seemingly harmless files, such as images, which execute malicious code when opened manually within WhatsApp.
"A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment," said Meta, WhatsApp’s parent company, in its official security bulletin.
Who is at risk?
This issue specifically targets users who have installed WhatsApp Desktop on Windows PCs. CERT-In warns that successful exploitation could lead to spoofing attacks, unauthorised data access, or full system compromise. With over 400 million active WhatsApp users in India alone, the scale of potential impact is significant.
How to stay protected?
WhatsApp and CERT-In have urged users to take the following steps immediately:
For Unparalleled coverage of India's Businesses and Economy – Subscribe to Business Today Magazine