Advisory

Critical remote code execution flaw patched in Western Digital My Cloud NAS devices

Take action: If you have a Western Digital My Cloud network storage device, make sure it's isolated from the internet and accessible only from trusted networks. Then check that it's running firmware version 5.31.108 or later. If not, apply the update right away. Even if the device is isolated, attackers will eventually find a way to hack it, so don't wait; the update should be simple.


Learn More

Western Digital has patched a critical security vulnerability in its My Cloud network-attached storage devices. 

The flaw, tracked as CVE-2025-30247 (CVSS score 9.8), is an OS command injection vulnerability in the firmware's user interface that allows remote attackers to execute arbitrary system commands via an HTTP POST request. Exploitation does not require authentication or user interaction.

A successful attack can result in full system compromise, granting attackers complete access to all data stored on the device. Once compromised, attackers could encrypt the data for ransom purposes, wipe it, or use it as a foothold for further attacks in the network. 

Affected are all My Cloud firmware versions prior to v5.31.108 across the following supported devices:

  • My Cloud PR2100
  • My Cloud PR4100
  • My Cloud EX2 Ultra
  • My Cloud EX4100
  • My Cloud Mirror Gen 2
  • My Cloud EX2100
  • My Cloud DL2100
  • My Cloud DL4100
  • My Cloud WDBCTLxxxxxx-10
  • My Cloud

Western Digital released the security patch in firmware version 5.31.108 on September 23-24, 2025. 

The company strongly recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification. Devices with automatic firmware updates enabled should already be upgraded, provided they were not disconnected or powered off during the update window.
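For anyone managing more than one unit, the firmware check above can be run over an inventory export. The script below is an added example, not Western Digital code; the CSV layout, hostnames and sample versions are constructed, and it assumes firmware versions are three dot-separated numbers as in 5.31.108. It compares versions numerically, because a plain string comparison would rank 5.4.120 above 5.31.108 and report an affected device as patched.

```python
import csv
import io

FIXED = (5, 31, 108)  # first patched firmware version, taken from the advisory

# Constructed sample inventory: hosts, models and versions are made up.
SAMPLE_INVENTORY = """host,model,firmware
nas-01,My Cloud PR4100,5.31.108
nas-02,My Cloud EX2 Ultra,5.30.102
nas-03,My Cloud Mirror Gen 2,5.4.120
nas-04,My Cloud DL2100,v5.31.110
nas-05,My Cloud EX4100,unknown
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if it cannot be parsed."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(inventory_csv):
    """Map each host to 'patched', 'vulnerable' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["firmware"])
        if version is None:
            status = "unknown"      # unreadable version: check the device by hand
        elif version < FIXED:
            status = "vulnerable"   # older than 5.31.108, update needed
        else:
            status = "patched"
        results[row["host"]] = status
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as unknown should be treated as unpatched until their firmware version is confirmed.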
