Western Digital has issued firmware updates for select My Cloud NAS devices to fix a critical OS command injection vulnerability (CVE-2025-30247), which could allow remote execution of malicious commands. Users are advised to update to version 5.31.108 immediately or disconnect devices until the update is applied for enhanced security. #WesternDigital #MyCloudVulnerability
Keypoints
- A critical security flaw in Western Digitalβs My Cloud NAS devices allows remote execution of arbitrary commands.
- The vulnerability is tracked as CVE-2025-30247 and affects multiple My Cloud models.
- Western Digital released firmware version 5.31.108 to address the OS command injection flaw.
- Exploitation of thisζΌζ΄ could lead to unauthorized access, data modification, or system control.
- Users are urged to update their devices or disconnect till the firmware is applied, especially for out-of-support models.