A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.
With a CVSS score of 6.7, this vulnerability is classified as medium severity. Organizations should address it in their priority patch cycle. The risk to organizations includes the potential for arbitrary code execution, which could compromise system integrity and confidentiality.
Currently, there are no known exploits for this vulnerability, and it has not been categorized within the Known Exploited Vulnerability (KEV) catalog. However, the potential for future exploitation underscores the importance of timely remediation.
Organizations using affected versions of WhatsApp should prioritize updating to version 2.2450.6 or later to mitigate this risk.
Vulnerability Details
A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment's filename extension. The vulnerability allows a maliciously crafted mismatch to result in arbitrary code execution when a user opens an attachment. As of now, no public exploit has been confirmed.
The CVSS score for this vulnerability is 6.7, indicating medium severity. The affected product is WhatsApp for Windows, and the publication date of this vulnerability is April 5, 2025.
Technical Analysis
The root cause of this vulnerability stems from how WhatsApp handles file attachments. The attachment's MIME type is displayed correctly; however, the file opening handler is determined by the filename extension. This discrepancy can lead to a scenario where an unsuspecting user may inadvertently execute harmful code by opening a malicious attachment.
The attack vector is network-based, and the complexity is classified as high, requiring low privileges and user interaction. The confidentiality and integrity impacts are both high, while the availability impact is low.
Risk & Impact Analysis
The risk to organizations includes potential unauthorized access to sensitive data and system integrity loss through arbitrary code execution. As the vulnerability has a medium CVSS score, organizations should address this in their priority patch cycle to mitigate the risks associated with file attachment handling in WhatsApp.
Given the nature of the vulnerability, the potential blast radius could be considerable if exploited, especially in environments where WhatsApp is widely used for communication. Therefore, organizations should prioritize patching immediately.
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
All versions of WhatsApp for Windows prior to version 2.2450.6 are affected by this vulnerability. Organizations should ensure they upgrade to this version or later to mitigate the risk.
Mitigation & Remediation
To remediate this vulnerability, organizations should update WhatsApp to version 2.2450.6 or later immediately. If an update is not feasible, consider implementing network controls to limit exposure and monitor user interactions closely.
Additionally, organizations may benefit from conducting regular security assessments and penetration testing to identify similar weaknesses in their applications. For more information on testing, organizations should refer to our penetration testing services.
Detection Guidance
Organizations should monitor logs for any unusual file execution patterns and user interaction with attachments. Behavioral anomalies when opening attachments could indicate attempts to exploit this vulnerability.
AppSecure Threat Intelligence Insight
The significance of this vulnerability lies in its potential to be exploited in environments where users frequently handle attachments. Security teams should remain vigilant for similar vulnerabilities and ensure robust handling of file attachments.
Organizations can learn from this incident by reviewing their file handling policies and implementing stricter validation of attachment types and extensions. For insights on vulnerability management, refer to our vulnerability management program design.
Additionally, implementing a robust security training program for employees can help prevent similar incidents, and organizations should consider our penetration testing methodology for further guidance.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)