Dear HackingBlogs family, hello! I realize it is been a long time since I provided an update. Although life kept me somewhat busy, I am back with some important facts you should be aware of. The reason I am here today is to discuss a very important WhatsApp vulnerability.
As everyone is aware, there are no significant security issues with photographs or image files, therefore clicking on them has long been regarded as safe. It turns out, however, that our assumptions were incorrect. When you click on a picture, a script is launched, giving the hacker complete control over the filesystem on your device.
Yes, you read that right — just one click and your device is compromised.
This is how the attack operates
An image-like file with a malicious file extension hidden inside can be made by a hacker. For instance, the file may seem in WhatsApp as an image (such as a.jpg), but it may be a malicious executable file (.exe), a sort of file that can run programs. Instead of only displaying the image, the system might interpret the file as executable and run malicious code if the user opens it. The attacker could be able to take over the device as a result.
The versions of WhatsApp for Windows that are affected by this issue are from version 0.0.0 up to, but not including, version 2.2450.6.
The vulnerability has been given a severity level of 6.7 out of 10 due to the complexity of the potential attack and the necessary user participation.
Example of the WhatsApp Vulnerability in Action (CVE-2025-30401):
Step 1: The Malicious File
A malicious executable file, such malicious.exe, could be made by an attacker with the intention of carrying out destructive tasks, such as breaking into a victim’s system. This file would come in a PDF or picture bundle. For instance:
Name of the file: image.jpg.exe
Type of MIME: image/jpeg
An executable program, typically found in.exe files, has the ability to run code that compromises your system. Still, it appears to be a harmless picture file because the MIME type which informs WhatsApp of the type of file is tagged as image/jpeg. The filename is intentionally false.
Step 2: Sending the File
The attacker offers as an image and delivers the file as an attachment over WhatsApp. The victim is unaware of it since it appears to them as an image file.
Step 3: Opening the File
WhatsApp displays the attachment as an image to the user when the victim opens it, depending on its MIME type (image/jpeg). The key is that WhatsApp uses the file extension (image.jpg.exe) to determine what to do with the file when the user clicks to open it.
The system will treat the file as an executable file rather than an image because it ends in.exe, and it may execute malicious code rather than merely display the image.
Step 4: Malicious Code Execution
Now that the malicious.exe file’s code has been installed on the victim’s device, it has the potential to take over the computer, steal files, or even obtain access to the victim’s system.
Step 5: Prevention and Fix
Users should make sure they update WhatsApp to version 2.2450.6 or later in order to avoid this problem. This type of attack is prevented and the file type mismatch is handled more securely in the upgraded version of WhatsApp.
How To Check Your Watsapp Version
Click on the three-dot menu in the top-left corner of the WhatsApp window (next to your profile picture).
From the dropdown, select “Settings”.
In the Settings window, click on “About and Help”.
Next, click on “App Info”.
You’ll see the version number of the WhatsApp app displayed there.
