Critical RCE Flaw in Western Digital My Cloud NAS (CVE-2025-30247)
▼ Summary
– Western Digital has patched a critical remote code execution vulnerability (CVE-2025-30247) in My Cloud NAS device firmware and urges immediate updates.
– The vulnerability allows remote attackers to execute arbitrary system commands via a crafted HTTP POST request without requiring authentication.
– Successful exploitation could lead to full system compromise, giving attackers access to all stored data for encryption, deletion, or modification.
– Affected devices include specific My Cloud models running firmware versions prior to v5.31.108 released on September 23.
– The vulnerability was privately reported with no known active exploitation, and automatic updates have already upgraded enabled devices.
Western Digital has issued a critical firmware update to address a severe remote code execution vulnerability, identified as CVE-2025-30247, impacting multiple My Cloud network-attached storage (NAS) models. The company strongly advises all users to install the latest firmware immediately to protect their stored data from potential unauthorized access and system takeover.
These My Cloud devices are popular among home users and small businesses for centralized file storage, backup solutions, and remote access via web browsers or mobile applications. The newly discovered security flaw exists within the firmware’s user interface and is classified as an OS command injection vulnerability. Attackers can exploit this weakness by sending a specially crafted HTTP POST request, enabling them to run arbitrary commands on the system remotely.
According to the Common Vulnerability Scoring System (CVSS) assessment, this vulnerability can be exploited without any form of authentication or user interaction. A successful attack could lead to a complete system compromise, giving threat actors full control over all stored files. They could potentially view, encrypt, delete, or alter sensitive data. Additionally, a compromised NAS unit might serve as an entry point for attackers to move laterally across the network and target other connected devices.
The security update is included in My Cloud firmware version 5.31.108, released on September 23. Affected models include the My Cloud PR2100, PR4100, EX2 Ultra, EX4100, Mirror Gen 2, EX2100, DL2100, DL4100, WDBCTLxxxxxx-10, and the standard My Cloud series. Users with devices running earlier firmware versions should upgrade without delay.
This vulnerability was disclosed through private reporting channels, and there are currently no known instances of active exploitation in the wild. Western Digital recommends that users manually check for and apply the available firmware update through the device’s notification system. For those who have enabled automatic firmware updates, the patch should already be installed provided the device remained connected and powered on during the update period.
Staying informed about emerging security threats is essential for maintaining digital safety. Enabling alerts for breaking cybersecurity news ensures you receive timely information about new vulnerabilities and data breaches as they are disclosed.
(Source: HelpNet Security)
