- Western Digital Patches Critical RCE FLAW CVE-2025-30247 in multiple NAS MOD NAS models
- Vulnerability used via post HTTP requests targeting the user interface of my cloud
- End of life models will not receive updates; Users have asked to patcher or migrate to more recent devices
The Western Digital data storage giant has just corrected a vulnerability of critical severity that has been discovered in several NAS Cloud My Cloud models.
In a security notice, the company said it had been flooded on an OS command injection flaw in my cloud user interface, which could be abused via post -http requests specially designed to vulnerable devices.
The attack would grant the capacities of the execution of the remote code (RCE) of the actors of the threat-it is followed as CVE-2025-30247, and has received a gravity score of 9.3 / 10 (critic). Here is a complete list of affected models:
My Cloud Pr2100
My Cloud PR4100
My Cloud Ex4100
My Cloud Ex2 Ultra
My cloud mirror Gen 2
My Cloud DL2100
My Cloud Ex2100
My cloud DL4100
My cloud wdbctlxxx-10
End of life
My cloud DL4100 and my DL2100 cloud are two models that have reached their end -of -life status and, as such, will not get an update.
Users are advised to migrate to a more recent model, then apply the firmware patch to bring the device to version 5.31.108.
The default parameters allow automatic management of patches, but Western Digital always urges users to reveal the version they execute.
Alternatively, they can remove the device offline until they install the fix, but in this case, the cloud service features will not be available.
The devices manufacture a range of personal cloud storage solutions, used mainly to save multimedia and documents, broadcast it on smart televisions and mobile devices, or sharing with other people.
My Cloud is mainly designed for personal use, but there are certain models (mainly those in the EX and PR series) which are delivered with raid support, several training bays and improved user management, which also makes them somewhat adapted to small offices or prosption environments.
Via Bleeping Compompute
