Warning: Critical command injection vulnerability in Western Digital My Cloud can lead to remote code execution, Patch Immediately!

Published: 01/10/2025
  • Last update: 30/09/2025
  • Affected software:
    → Western Digital My Cloud firmware < 5.31.108
  • Type: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CVE/CVSS
    → CVE-2025-30247: CVSS 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Sources

NVD - https://nvd.nist.gov/vuln/detail/cve-2025-30247
Western Digital - https://www.westerndigital.com/support/product-security/wdc-25006-western-digital-my-cloud-os-5-firmware-5-31-108

Risks

This vulnerability allows unauthorized access to or modification of personal data stored on affected Western Digital My Cloud devices. Ransomware operators may exploit the flaw to encrypt the disks and extort device owners.

Exploitation requires no privileges or user interaction, and successful attacks can severely impact the confidentiality, integrity, and availability of the device.

Description

The vulnerability enables remote code execution through the device’s web interface without requiring authentication or user interaction. Internet-exposed devices are at particular risk of exploitation in the wild. A remote attacker can execute arbitrary system commands by sending specially crafted HTTP POST requests, making the vulnerability straightforward to exploit.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
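
To prioritise patching, an inventory of My Cloud devices can be triaged against the fixed firmware version 5.31.108 named above. The following is an added example, not code from the CCB or Western Digital; the host names and firmware strings are constructed, and it assumes firmware versions are reported as three dot-separated integers.

```python
import re

# First fixed firmware version according to the advisory (affected: < 5.31.108).
FIXED = (5, 31, 108)


def parse_firmware(version):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    match = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", version or "")
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory):
    """Sort (host, firmware) pairs into vulnerable / patched / unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, firmware in inventory:
        parsed = parse_firmware(firmware)
        if parsed is None:
            # Unreadable versions are not assumed safe: check these by hand.
            result["unknown"].append(host)
        elif parsed < FIXED:
            # Numeric tuple comparison: "5.9.200" is older than "5.31.108",
            # although a plain string comparison would say the opposite.
            result["vulnerable"].append(host)
        else:
            result["patched"].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = [
    ("nas-01.example.internal", "5.31.108"),
    ("nas-02.example.internal", "5.30.104"),
    ("nas-03.example.internal", "5.9.200"),
    ("nas-04.example.internal", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```
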

Monitor/Detect
The CCB recommends that organizations step up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise.

References

HelpNetSecurity - https://www.helpnetsecurity.com/2025/09/30/western-digital-my-cloud-nas-cve-2025-30247/