This warning was first highlighted on April 9, 2025, and reiterated on April 10 and 14, 2025, due to a significant vulnerability.
Are you affected?
You are affected if you are using WhatsApp Desktop for Windows versions older than 2.2450.6.
The Vulnerability:
The vulnerability, identified as CVE-2025-30401, arises from how WhatsApp Desktop handles attachments, specifically a mismatch between the file’s MIME type and its extension. This flaw can be exploited by attackers who send specially crafted malicious files. When a user manually opens such a file within WhatsApp Desktop, it could lead to:
- Execution of arbitrary code: Attackers could potentially run malicious software on your computer without your knowledge or permission.
- Spoofing attacks: Attackers might be able to disguise harmful files as legitimate ones.
- Data theft: Your personal data stored on your computer could be at risk of being stolen.
- Complete system control: In a worst-case scenario, attackers could gain unauthorized access and complete control over your Windows machine.
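For defenders who filter attachments at a gateway or on a file share, the MIME type and extension mismatch described above can be checked directly. The following Python code is an added example, not WhatsApp's code and not part of the original advisory; the allowlist, the executable-extension set and the sample file names are assumptions constructed for the illustration.

```python
import os

# Illustrative allowlist (an assumption for this example, not WhatsApp's own):
# declared MIME type -> file extensions that may legitimately carry it.
ALLOWED = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "video/mp4": {".mp4"},
    "text/plain": {".txt"},
}

# Extensions Windows runs or interprets when a file is opened (not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".msi",
                   ".js", ".vbs", ".lnk", ".hta", ".pif"}


def effective_extension(filename):
    """Extension Windows would act on, lower-cased."""
    name = os.path.basename(filename.replace("\\", "/"))
    name = name.rstrip(". ")  # Windows ignores trailing dots and spaces
    return os.path.splitext(name)[1].lower()


def check_attachment(declared_mime, filename):
    """Return (verdict, reason); verdict is 'ok', 'mismatch' or 'block'."""
    mime = declared_mime.split(";", 1)[0].strip().lower()  # drop parameters
    ext = effective_extension(filename)
    if ext in EXECUTABLE_EXTS:
        return "block", f"{ext} is executable but declared as {mime}"
    if mime not in ALLOWED:
        return "mismatch", f"MIME type {mime} is not on the allowlist"
    if ext not in ALLOWED[mime]:
        return "mismatch", f"{ext or 'no extension'} does not match {mime}"
    return "ok", "extension matches declared MIME type"


# Constructed attachment metadata for the demonstration (not real traffic).
SAMPLES = [
    ("image/jpeg", "holiday.jpg"),
    ("image/jpeg; charset=binary", "photo.JPEG"),
    ("image/jpeg", "invoice.jpg.exe"),
    ("application/pdf", "report.docx"),
    ("image/png", "scan.scr. "),
]

if __name__ == "__main__":
    for mime, name in SAMPLES:
        verdict, reason = check_attachment(mime, name)
        print(f"{verdict:8} {name!r}: {reason}")
```

The check keys on the extension the operating system will act on, so a file declared as an image is only accepted when its name also ends in an image extension.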
What the government has said:
CERT-In has classified this vulnerability as “high” severity due to the potential for significant damage. They have strongly urged users to take immediate action to protect their systems.
What you should do right now:
The most critical step to protect yourself from this vulnerability is to immediately update your WhatsApp Desktop application for Windows to the latest version (2.2450.6 or later).
Here’s how to update:
- Microsoft Store: Open the Microsoft Store on your Windows computer, search for “WhatsApp Messenger,” and click the “Update” button if it’s available.
- WhatsApp Website: You can also download the latest version from the official WhatsApp website.
General Security Tips for WhatsApp Users:
Even after updating, it’s always good practice to follow these general security tips to stay safe on WhatsApp:
- Be cautious with attachments: Avoid opening any suspicious or unexpected attachments, even from known contacts. Verify the sender and the content if something seems unusual.
- Enable Two-Step Verification: This adds an extra layer of security to your account by requiring a PIN when registering your phone number with WhatsApp. You can enable it in WhatsApp Settings > Account > Two-Step Verification. It’s also advisable to provide an email address for PIN recovery.
- Set a strong voicemail password: This prevents unauthorized access to your voicemail, which could be used to intercept verification codes.
- Regularly check linked devices: Go to WhatsApp Settings > Linked Devices to review all devices connected to your account. Log out any devices you don’t recognize.
- Enable App Lock (if available): On some devices, you can use fingerprint or Face ID to lock your WhatsApp app for an extra layer of privacy. For WhatsApp Web, you can also set up an app lock with a password in Settings > Privacy > App lock.
- Be wary of suspicious links and messages: Don’t click on links from unknown sources or respond to messages asking for personal information or money.
- Keep your operating system and antivirus software updated: This provides overall security for your computer.
- Download updates from official sources only: Always get your WhatsApp updates from the official Microsoft Store or the WhatsApp website to avoid downloading potentially malicious versions.
By taking these steps, you can significantly reduce the risk of your WhatsApp account and your computer being compromised. Stay vigilant and prioritize your digital safety.







