1.0 Introduction
Recently, Meta has released a security advisory to address a high-severity vulnerability tracked as
CVE-2025-30401, in WhatsApp Desktop for Windows.
2.0 Impact
This vulnerability allows remote attackers to execute arbitrary code by sending malicious file attachments. Attackers can exploit this flaw by crafting deceptive files that appear not harmful (eg., images) within WhatsApp but are execute as malicious code when opened.
3.0 Affected Products
All WhatsApp Desktop for Windows versions prior to 2.2450.6
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the
Meta Security Update
and apply the necessary updates.
Kindly refer to the following URL: https://www.whatsapp.com/security/advisories/2025/?fbclid=IwZXh0bgNhZW0CMTEAAR4jipfgS7bA5CWka8lrWNg6HhGBQfCcnX2MJhbnNcTRDxLeQhIPcgYAiFINxg_aem_YR7l1WDPpb9FRNxs0q308A
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:3the 0 MYT
Web:
https://www.mycert.org.my
5.0 References
- https://www.whatsapp.com/security/advisories/2025/?fbclid=IwZXh0bgNhZW0CMTEAAR4jipfgS7bA5CWka8lrWNg6HhGBQfCcnX2MJhbnNcTRDxLeQhIPcgYAiFINxg_aem_YR7l1WDPpb9FRNxs0q308A
- https://www.facebook.com/security/advisories/cve-2025-30401
- https://www.securityweek.com/whatsapp-vulnerability-could-facilitate-remote-code-execution/
- https://www.theregister.com/2025/04/08/whatsapp_windows_bug/
- https://www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/