PT-2026-4833 · Western Digital+1 · Wd Discovery+1
Published
2026-01-26
·
Updated
2026-01-27
·
CVE-2025-30248
CVSS v4.0
8.9
High
| Vector | AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
Western Digital WD Discovery version 5.2.730
Description
A flaw exists in the WD Discovery Installer that allows a local attacker to execute arbitrary code. This is possible through DLL hijacking by placing a crafted DLL in the installer’s search path. The issue affects Windows systems.
Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the WD Discovery Installer to minimize the risk of exploitation.
Fix
LPE
RCE
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wd Discovery
Windows