The National Information Technology Development Agency (NITDA) is raising alarm over a high-risk vulnerability discovered in WhatsApp for Windows that could expose users to dangerous cyberattacks through deceptively crafted file attachments.
The Federal IT agency is warning that the vulnerability, classified as C-2025-30401, is affecting all versions of WhatsApp for Windows prior to version 2.2450.6, creating a potential backdoor for cybercriminals to launch attacks by embedding harmful code into what appear to be innocent image, video, or document files.
The latest flaw stems from how WhatsApp processes media files using Multipurpose Internet Mail Extensions (MIME) types, a standard that helps applications recognise and display various content formats, NITDA states in a statement seen by Technology Times.
“Exploitation of this vulnerability” according to the agency, “could allow attackers to execute malicious code on affected devices, leading to unauthorised access, data theft, or further system compromise.”
“Exploitation of this vulnerability” according to the agency, “could allow attackers to execute malicious code on affected devices, leading to unauthorised access, data theft, or further system compromise.”
Threat actors are reportedly manipulating the MIME file type system to disguise malware as harmless media content, a method that could deceive even the most tech-savvy users if they are not cautious.
Calls for immediate action by WhatsApp for Windows users
NITDA is urging all WhatsApp for Windows users to immediately update the application to version 2.2450.6 or later, now available on the official WhatsApp website and the Microsoft Store.
The agency, which leads Nigeria’s digital security and development initiatives, is also issuing broader cybersecurity tips for Nigerian users to avoid becoming victims of this emerging threat.
“Avoid opening unexpected or suspicious files received through WhatsApp, even if they appear to come from trusted sources,” the statement advises. “Regularly update software and applications to close known vulnerabilities.”
This development adds to growing concerns over digital privacy and security in Nigeria and across Africa, where platforms like WhatsApp are vital tools for communication, business, and public service delivery.
Securing Nigeria’s digital landscape
The WhatsApp vulnerability alert reflects the increasing importance of NITDA’s role in safeguarding Nigeria’s digital ecosystem as cyber threats evolve in sophistication. Under its mandate, NITDA has stepped up its national cybersecurity watch to protect users of popular platforms and technologies.
In 2023, the Nigerian government passed the Nigeria Data Protection Act, reinforcing frameworks for user data protection and strengthening institutional responses to digital threats.
Experts have highlighted that messaging platforms like WhatsApp, widely used across Nigeria for everything from personal communication to official announcements, are frequently targeted by cybercriminals looking to exploit their popularity and wide reach.
What should WhatsApp users do now?
Update WhatsApp for Windows immediately to version 2.2450.6 or later.
Do not open media or document attachments from unknown or unexpected sources—even if they appear familiar.
Enable automatic updates on applications and operating systems to patch vulnerabilities swiftly.
By acting quickly, Nigerian WhatsApp users can avoid falling victim to an attack that hides behind the familiar interface of one of the world’s most-used messaging platforms, according to NITDA.
Home