What is CVE-2025-30401?

CVE-2025-30401 is a vulnerability in Facebook Whatsapp Desktop For Windows, classified under CWE-430. Published 2025-04-05.

Is CVE-2025-30401 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Facebook Whatsapp Desktop For Windows

CVE-2025-30401

A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could…

EPSS: 0.002 (46.1th percentile) — read the EPSS interpretation.

Affected products

Facebook Whatsapp Desktop For Windows — versions 0.0.0

Weakness classification (CWE)

CWE-430

Public proof-of-concept exploits

PuddinCat/GithubRepoSpider
nomi-sec/PoC-in-GitHub
plzheheplztrying/cve_

References

www.facebook.com/security/advisories/cve-2025-30401 (x_refsource_CONFIRM)
www.whatsapp.com/security/advisories/2025/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2025-30401?: CVE-2025-30401 is a vulnerability in Facebook Whatsapp Desktop For Windows, classified under CWE-430. Published 2025-04-05.
Is CVE-2025-30401 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.