WhatsApp Desktop for Windows Spoofing Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A spoofing vulnerability has been identified in WhatsApp Desktop for Windows, affecting versions prior to 2.2450.6. The issue arises because the application displayed attachments based on their MIME type but determined the file opening method according to the attachment's filename extension. This mismatch could have been exploited to trick users into executing arbitrary code instead of simply viewing the attachment when it was manually opened within WhatsApp.
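The mismatch described above can be checked before an attachment is handed to the operating system: compare the type the UI would display (MIME) with the extension that would select the file handler. The Python below is an added example, not WhatsApp's code; the tables, function names and sample attachments are constructed assumptions.

```python
from pathlib import PureWindowsPath

# Constructed, non-exhaustive tables (assumptions for this example only).
EXT_TO_MIME = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".pdf": "application/pdf", ".mp4": "video/mp4", ".txt": "text/plain",
}
RUNNABLE_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".msi",
                 ".ps1", ".vbs", ".js", ".py"}


def effective_extension(filename: str) -> str:
    """Extension the OS would use to pick a handler, lower-cased."""
    # Windows ignores trailing dots and spaces in file names, so drop them first.
    name = PureWindowsPath(filename.rstrip(". ")).name
    return PureWindowsPath(name).suffix.lower()


def classify(declared_mime: str, filename: str) -> str:
    """Compare what the UI would show (MIME) with what 'open' would use (extension)."""
    ext = effective_extension(filename)
    mime = declared_mime.split(";", 1)[0].strip().lower()  # drop MIME parameters
    if ext in RUNNABLE_EXTS:
        return "block"      # never hand this to the shell handler from a viewer
    expected = EXT_TO_MIME.get(ext)
    if expected is None:
        return "unknown"    # no mapping: treat as save-only, no preview or open
    if expected != mime:
        return "mismatch"   # preview type and open handler would disagree
    return "ok"


if __name__ == "__main__":
    samples = [  # constructed attachments: (declared MIME type, filename)
        ("image/jpeg", "holiday.jpg"),
        ("image/jpeg; charset=binary", "cat.JPG"),
        ("image/jpeg", "holiday.jpg.exe"),
        ("image/jpeg", "holiday.PY. "),
        ("image/png", "scan.pdf"),
        ("application/octet-stream", "data.bin"),
    ]
    for mime, name in samples:
        print(f"{classify(mime, name):9} {mime!r:30} {name!r}")
```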

Impact

Exploitation of this vulnerability could lead to unintended execution of arbitrary code on the user's system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.