CVE-2025-30401 — MEDIUM (6.7)

Q: How severe is CVE-2025-30401?

CVE-2025-30401 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-30401?

Check the references section above for vendor advisories and patch information. Affected products include: Whatsapp Whatsapp.

Vulnerability Description

A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Whatsapp	Whatsapp	< 2.2450.6

References

https://www.facebook.com/security/advisories/cve-2025-30401Third Party Advisory
https://www.whatsapp.com/security/advisories/2025/

FAQ

What is CVE-2025-30401?

CVE-2025-30401 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension...

How severe is CVE-2025-30401?

CVE-2025-30401 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-30401?

Check the references section above for vendor advisories and patch information. Affected products include: Whatsapp Whatsapp.