Critical Western Digital My Cloud NAS Vulnerability Allows Remote Code Execution

Critical Western Digital My Cloud NAS Vulnerability Allows Remote Code Execution

Posted on By CWS

Western Digital has launched safety updates for a crucial vulnerability affecting a number of My Cloud network-attached storage (NAS) units.

The flaw, tracked as CVE-2025-30247, might permit a distant attacker to execute arbitrary code on weak techniques, probably main to an entire gadget takeover.

The corporate addressed the high-severity situation in My Cloud Firmware model 5.31.108, which was launched on September 24, 2025.

A profitable exploit of this distant code execution (RCE) vulnerability would allow an unauthenticated attacker to compromise the safety of the NAS gadget.

This might end in knowledge theft, the deployment of malware or ransomware, or the combination of the compromised gadget right into a botnet to be used in additional assaults.

On condition that NAS units usually retailer delicate private and enterprise knowledge, the affect of such a compromise may very well be extreme.

Western Digital has strongly urged all customers to promptly replace their units to the most recent firmware to mitigate the risk. The replace will be utilized instantly by means of the firmware replace notification throughout the gadget’s administrative interface.

The advisory credit safety researcher w1th0ut for locating and responsibly reporting the vulnerability, permitting the corporate to develop and situation a patch.

Affected Gadgets and Mitigation

The safety replace is essential for a variety of merchandise within the My Cloud household. Western Digital has confirmed that the next units are impacted and must be up to date to firmware model 5.31.108 or later to be protected in opposition to CVE-2025-30247.

My Cloud PR2100

My Cloud PR4100

My Cloud EX4100

My Cloud EX2 Extremely

My Cloud Mirror Gen 2

My Cloud DL2100

My Cloud EX2100

My Cloud DL4100

My Cloud WDBCTLxxxxxx-10

My Cloud

This incident highlights the continuing safety dangers related to internet-connected storage units. Risk actors continuously scan for and goal unpatched NAS techniques as a result of precious knowledge they include.

Making use of safety patches as quickly as they change into out there is likely one of the simplest measures customers can take to guard their knowledge from unauthorized entry and cyberattacks.

Customers are suggested to assessment their gadget settings and be sure that computerized updates are enabled, the place doable, to keep up safety.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

Paragon Spyware Blunder: LinkedIn Post Reveals Control Panel Paragon Spyware Blunder: LinkedIn Post Reveals Control Panel Cyber Security News
Microsoft Windows Defender Firewall Vulnerabilities Let Attackers Escalate Privileges Microsoft Windows Defender Firewall Vulnerabilities Let Attackers Escalate Privileges Cyber Security News
Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack Cyber Security News
Threat Actors can Use Xanthorox AI Tool to Generate Different Malicious Code Based on Prompts Threat Actors can Use Xanthorox AI Tool to Generate Different Malicious Code Based on Prompts Cyber Security News
New Frontiers In Identity-Based Access Control New Frontiers In Identity-Based Access Control Cyber Security News
CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks CastleBot Malware-as-a-Service Deploys Range of Payloads Linked to Ransomware Attacks Cyber Security News