Facebook parent Meta has warned of a significant vulnerability in the Microsoft Windows version of its popular WhatsApp messaging platform that could leave users at risk of falling victim to a variety of cyber attacks, up to and including ransomware incidents.

In an online advisory, Meta said that the spoofing issue – which exists in versions prior to 2.2450.6 and is being tracked as CVE-2025-30401 – causes WhatsApp to display attachments sent via the messaging platform according to their Multipurpose Internet Mail Extensions (MIME) type but to select the file opening handler based on the true filename extension of said attachment.

In this instance, should a malicious actor deliberately alter the MIME type, they could cause the recipient to inadvertently execute arbitrary code rather than view the attachment when they manually open it inside WhatsApp.

In practice, this means that a victim might see an attachment appearing to be an innocent .jpeg file and be convinced to open it, only to have it turn out to be a .exe file – that is to say, malware.
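A receiving-side consistency check for the mismatch described above, as an added example that is not code from Meta or WhatsApp: it flags an attachment whose declared MIME type, filename extension and leading bytes disagree. The function name, the MIME and extension tables and the sample attachments are constructed for illustration.

```python
import ntpath  # Windows path rules, regardless of the platform running the check

# Extensions each declared MIME type may legitimately carry (constructed, partial).
MIME_EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
}
# Extensions that Windows opens by running code (illustrative, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".scr", ".js", ".vbs", ".ps1", ".msi"}
# Leading magic bytes expected for each declared MIME type.
MAGIC = {
    "image/jpeg": b"\xff\xd8\xff",
    "image/png": b"\x89PNG\r\n\x1a\n",
    "application/pdf": b"%PDF-",
}

def check_attachment(declared_mime, filename, content):
    """Return a list of findings; an empty list means the three views agree."""
    findings = []
    mime = declared_mime.split(";")[0].strip().lower()
    # Win32 drops trailing dots and spaces, so "x.exe. " still opens as .exe.
    name = ntpath.basename(filename).rstrip(". ")
    ext = ntpath.splitext(name)[1].lower()  # the last extension picks the handler

    allowed = MIME_EXTENSIONS.get(mime)
    if allowed is None:
        findings.append("unknown-mime")
    elif ext not in allowed:
        findings.append("mime-extension-mismatch")
    if ext in EXECUTABLE_EXTENSIONS:
        findings.append("executable-extension")
    magic = MAGIC.get(mime)
    if magic is not None and not content.startswith(magic):
        findings.append("content-mismatch")
    return findings

if __name__ == "__main__":
    # Constructed sample attachments: (declared MIME type, filename, first bytes).
    samples = [
        ("image/jpeg", "holiday.jpeg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("image/jpeg", "holiday.exe", b"MZ\x90\x00"),
        ("image/jpeg", "holiday.jpeg.exe", b"MZ\x90\x00"),
    ]
    for mime, name, data in samples:
        print(f"{name!r} declared as {mime}: {check_attachment(mime, name, data) or 'consistent'}")
```
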