Dangerous WhatsApp bug on Windows let hackers run malicious code
In context: WhatsApp is one of the most popular communication platforms of all time with around three billion users worldwide. This means that even the slightest security flaw in the app could pose a serious risk to lots of people.
Meta recently updated the Microsoft Store version of its WhatsApp app to patch a potentially dangerous security vulnerability discovered by external researchers. According to WhatsApp's security advisory, the flaw could have been exploited to run malicious code on a PC, affecting versions of WhatsApp for Windows prior to 2.2450.6.
The issue, tracked as CVE-2025-30401, stemmed from how the Windows app handled file attachments. Specifically, WhatsApp relied on the file extension to determine how to open an attachment. Unlike MIME types, file extensions can be misleading, potentially tricking users into executing arbitrary, malicious code when opening a file within WhatsApp.
A carefully crafted mismatch between an attachment's file extension and its MIME type could have led to code execution, the advisory explained. Meta did not name the external researcher who discovered the vulnerability, though it's likely they were rewarded through the company's Bug Bounty program.
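The mismatch described above can be checked before an attachment is handed to the operating system's opener. The following is an added example, not WhatsApp's code and not taken from the advisory; the function names, the extension tables and the sample attachments are constructed assumptions.

```python
import os

# Constructed, non-exhaustive tables for illustration (assumptions, not WhatsApp's lists).
EXT_TO_MIME = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".pdf": "application/pdf", ".mp4": "video/mp4", ".txt": "text/plain",
}
# Extensions a Windows shell handler runs or interprets rather than displays.
EXECUTABLE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".js", ".vbs",
                   ".ps1", ".py", ".msi", ".lnk", ".hta"}


def effective_extension(filename: str) -> str:
    """Extension the OS would act on: Windows ignores trailing dots and spaces,
    and only the last suffix of a double extension selects the handler."""
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ")
    return os.path.splitext(name)[1].lower()


def check_attachment(filename: str, declared_mime: str) -> str:
    """Return 'allow', 'warn' or 'block' for opening an attachment.

    The extension selects the opener while the MIME type is only what the
    sender declared, so the two must agree before the file is opened."""
    ext = effective_extension(filename)
    mime = declared_mime.split(";")[0].strip().lower()  # drop MIME parameters
    if ext in EXECUTABLE_EXTS:
        return "block"   # would execute no matter what type was declared
    expected = EXT_TO_MIME.get(ext)
    if expected is None:
        return "warn"    # unknown or missing extension: do not auto-open
    return "allow" if expected == mime else "block"  # mismatch: refuse to open


# Constructed sample attachments: (filename, MIME type declared by the sender).
SAMPLES = [
    ("holiday.jpg", "image/jpeg"),
    ("holiday.jpg.exe", "image/jpeg"),
    ("invoice.PDF", "application/pdf; charset=binary"),
    ("photo.png", "application/pdf"),
    ("notes.cmd. ", "text/plain"),
    ("README", "text/plain"),
]

if __name__ == "__main__":
    for name, mime in SAMPLES:
        print(f"{name!r:22} {mime!r:34} -> {check_attachment(name, mime)}")
```

A production check would also compare the file's leading bytes against the declared type, since both the extension and the MIME type are supplied by the sender.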
Microsoft Store apps are typically updated automatically, so a newer version of the WhatsApp app should now be available with a fix for the CVE-2025-30401 vulnerability. The app currently holds a 4.7 out of five rating, offering what Meta describes as a "100% free" messaging platform used by over two billion people across more than 180 countries.
WhatsApp is certainly useful for work, fun, and personal communication, though it's unclear why users should feel compelled to install a dedicated Windows app when the service runs quite well in a browser. Just two years ago, users were voicing frustration with Meta over the confusing and bloated app they were forced to download, especially when compared to the original desktop client.
In my experience, so-called "native" Windows apps from the Microsoft Store are often little more than poorly optimized shells wrapped around a browser engine. To make matters worse, they tend to neglect basic security hygiene. Modern web browsers on Windows include built-in protections that could have flagged an issue like CVE-2025-30401 more easily. Additionally, Windows natively provides a security layer known as Mark of the Web, which warns users about potentially dangerous "internet files."