Critical Western Digital My Cloud NAS Vulnerability Allows Remote Code Execution
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Western Digital has released security updates for a critical vulnerability affecting multiple My Cloud network-attached storage (NAS)<\/a> devices.<\/p>\n The flaw, tracked as CVE-2025-30247, could allow a remote attacker to execute arbitrary code on vulnerable systems, potentially leading to a complete device takeover.<\/p>\n The company addressed the high-severity issue in My Cloud Firmware version 5.31.108, which was released on September 24, 2025.<\/p>\n A successful exploit of this remote code execution (RCE) vulnerability would enable an unauthenticated attacker to compromise the security of the NAS device.<\/p>\n This could result in data theft<\/a>, the deployment of malware or ransomware, or the integration of the compromised device into a botnet for use in further attacks.<\/p>\n Given that NAS devices often store sensitive personal and business data, the impact of such a compromise could be severe.<\/p>\n Western Digital has strongly urged all users to promptly update their devices to the latest firmware to mitigate the threat. The update can be applied directly through the firmware update notification within the device\u2019s administrative interface.<\/p>\n The advisory credits security researcher w1th0ut for discovering and responsibly reporting<\/a> the vulnerability, allowing the company to develop and issue a patch.<\/p>\n The security update is crucial for a wide range of products in the My Cloud family. Western Digital has confirmed that the following devices are impacted and should be updated to firmware version 5.31.108 or later to be protected against CVE-2025-30247.<\/p>\n This incident highlights the ongoing security risks associated with internet-connected storage devices. Threat actors frequently scan for and target unpatched NAS systems due to the valuable data they contain.<\/p>\n Applying security patches as soon as they become available is one of the most effective measures users can take to protect their data from unauthorized access and cyberattacks<\/a>.<\/p>\n Users are advised to review their device settings and ensure that automatic updates are enabled, where possible, to maintain security.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Critical Western Digital My Cloud NAS Vulnerability Allows Remote Code Execution<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nAffected Devices and Mitigation<\/strong><\/h2>\n
\n