Newszop

High-Security Alert: CERT-In Warns WhatsApp Desktop Users of Critical Vulnerability on Windows


New Delhi, April 11, 2025 — The Indian Computer Emergency Response Team (CERT-In), under the Ministry of Electronics and Information Technology, has issued a high-severity vulnerability alert for WhatsApp Desktop users on Windows. This critical flaw, labeled CIVN-2025-0075, affects application versions prior to 2.2450.6 and could expose users to data breaches, unauthorised access, and remote code execution.

WhatsApp Desktop Spoofing Vulnerability: What You Need to Know

The newly identified vulnerability stems from a misconfiguration in MIME type and file extension handling for file attachments. This loophole could allow cyber attackers to bypass standard security measures by disguising malicious files as legitimate ones. Once a victim opens such a file on WhatsApp Desktop, the system could inadvertently execute arbitrary code, compromising the device and potentially leading to data theft or malware infiltration.
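The mismatch described above, between what an attachment claims to be and what its file name will actually open as, can be checked on the receiving side. The following is an added example, not code from CERT-In or WhatsApp; the extension lists, the MIME table and the sample attachments are assumptions constructed for illustration.

```python
from pathlib import PurePath

# Assumed policy tables (illustrative, not taken from the CERT-In advisory).
RISKY_EXTENSIONS = {".exe", ".bat", ".cmd", ".com", ".scr", ".js", ".vbs", ".ps1", ".msi", ".lnk"}
MIME_TO_EXTENSIONS = {
    "image/jpeg": {".jpg", ".jpeg"},
    "image/png": {".png"},
    "application/pdf": {".pdf"},
    "video/mp4": {".mp4"},
}
BENIGN_EXTENSIONS = set().union(*MIME_TO_EXTENSIONS.values())


def check_attachment(filename: str, declared_mime: str) -> list[str]:
    """Return findings for one attachment; an empty list means nothing was flagged."""
    # Windows drops trailing dots and spaces, so "a.exe. " still opens as "a.exe".
    name = filename.strip().rstrip(". ")
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    # Drop MIME parameters such as "; charset=utf-8" before comparing.
    declared = declared_mime.split(";")[0].strip().lower()

    if not suffixes:
        return ["no-extension"]
    ext = suffixes[-1]
    findings = []
    if ext in RISKY_EXTENSIONS:
        findings.append("risky-extension")
    allowed = MIME_TO_EXTENSIONS.get(declared)
    if allowed is not None and ext not in allowed:
        findings.append("mime-extension-mismatch")
    # "photo.jpg.exe": a benign-looking inner extension hides the real one.
    if any(s in BENIGN_EXTENSIONS for s in suffixes[:-1]) and ext not in BENIGN_EXTENSIONS:
        findings.append("double-extension")
    return findings


# Constructed sample metadata: (file name, MIME type declared by the sender).
SAMPLES = [
    ("holiday.jpg", "image/jpeg"),
    ("holiday.jpg.exe", "image/jpeg"),
    ("scan.PDF", "application/pdf"),
    ("invoice.pdf.scr. ", "application/pdf"),
    ("notes", "text/plain"),
]

if __name__ == "__main__":
    for fname, mime in SAMPLES:
        print(f"{fname!r:22} {mime:16} -> {check_attachment(fname, mime) or 'ok'}")
```

The decision is driven by the final extension, since that is what determines how Windows opens the file, while the declared MIME type is treated only as a claim to be verified.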

Affected Versions and Platforms
  • Platform: Windows

  • Affected Application: WhatsApp Desktop (pre-2.2450.6)

  • Severity Level: High

  • Identifier: CIVN-2025-0075

The flaw does not affect mobile versions of WhatsApp, but users of the Windows desktop client are at significant risk if using outdated versions.

How to Protect Yourself

CERT-In has issued the following recommendations to ensure user safety:

  • Update Immediately:
    Upgrade to WhatsApp Desktop version 2.2450.6 or later through the official website or the Microsoft Store.

  • Avoid Suspicious Attachments:
    Do not open files from unknown or unverified sources, especially attachments that appear suspicious or lack standard file extensions.

  • Enable Auto-Updates:
    Activate automatic updates to ensure your apps stay patched with the latest security fixes.

  • Run Security Software:
    Keep antivirus and anti-malware tools updated to detect and mitigate emerging threats.

WhatsApp’s Broader Security Context

This alert arrives in the wake of Meta’s broader crackdown on misuse across its messaging platform. WhatsApp recently banned 8.45 million accounts in India in a single month (August 2024) due to violations related to fraudulent activities. This action aligns with India’s Information Technology Rules, 2021, reinforcing the platform’s responsibility to ensure a secure environment for its users.

As WhatsApp continues to dominate communication globally, such incidents serve as a critical reminder of the importance of cybersecurity hygiene, especially for applications with widespread reach and access to sensitive user data.
