PT-2025-39899 · Western Digital · My Cloud
W1Th0Ut · Published 2025-09-26 · Updated 2025-11-02 · CVE-2025-30247
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Western Digital My Cloud NAS versions prior to 5.31.108
Description
An OS command injection flaw exists in the user interface of Western Digital My Cloud NAS devices running firmware versions prior to 5.31.108. A remote, unauthenticated attacker can execute arbitrary system commands by sending a specially crafted HTTP POST request to a vulnerable endpoint, which could lead to a full system compromise. Approximately 166,900 devices are potentially exposed.
Recommendations
Update the firmware to version 5.31.108 or newer.
Fix
RCE
OS Command Injection
Affected Products
My Cloud