CVE-2025-30247

Published Sep 29, 2025

Last updated 9 days ago

CVSS critical 9.3
Firmware

Overview

Description
An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a specially crafted HTTP POST.
Source
psirt@wdc.com
NVD status
Deferred

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

psirt@wdc.com
CWE-78

Social media

Hype score
Not currently trending

  1. #VulnerabilityReport #CommandInjection CVE-2025-30247: Critical Command Injection Flaw in Western Digital My Cloud NAS Devices https://t.co/mtqoe0gqla

    @Komodosec

    4 Nov 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Уязвимость CVE-2025-30247 в устройствах My Cloud от Western Digital открывает доступ к удаленному исполнению команд. Обновите прошивку (v5.31.108 и выше), чтобы защитить свои

    @cybereye_ru

    3 Oct 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Attention utilisateurs de My Cloud ! Une vulnérabilité critique a été corrigée par Western Digital (CVE-2025-30247). Mettez à jour votre firmware (v5.31.108 ou plus récent) pour protéger vos données. Votre sécurité est une priorité, êtes-vous à jour ? #MyCloudSécur

    @CyberSentinelle

    3 Oct 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. وضعت ويسترن ديجيتال حلاً لثغرة تنفيذ التعليمات البرمجية عن بُعد (CVE-2025-30247) في أجهزة تخزين My Cloud. هذه الثغرة خطيرة، لذا من الضروري تحديث البرمجيات الثابتة ا

    @Cybereayn

    3 Oct 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Güvenliğinizi tehlikeye atmayın! Western Digital, My Cloud cihazlarındaki kritik bir güvenlik açığını (CVE-2025-30247) kapattı. Hızla güncelleme yaparak verilerinizi koruma altına alın. Cihazınızı güncellediniz mi? #güvenlik_güncellemesi https://t.co/q4cnENk3

    @Siber_Kalkan_

    3 Oct 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚠️Vulnerabilidad en productos Western Digital ❗CVE-2025-30247 ➡️Más info: https://t.co/jgHMgUoi9o https://t.co/1LEM53bJpy

    @CERTpy

    2 Oct 2025

    80 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Critical WD My Cloud bug allows remote command injection (CVE-2025-30247) https://t.co/dvJ0ARjlCp #patchmanagement

    @eyalestrin

    2 Oct 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CRITICAL ALERT: Millions of Western Digital My Cloud Devices Are Wide Open to Total Takeover (CVE-2025-30247) Read the full report on - https://t.co/d5jGcUoNUs https://t.co/5BSV6nefwS

    @cyberbivash

    1 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 رخنه بحرانی در WD My Cloud (CVE-2025-30247) مهاجمان می‌توانند از راه دور دستورات مخرب اجرا کنند! پچ امنیتی: Firmware 5.31.108 منتشر شد. 📌 سریعاً به‌روزرسانی کنید. #Cybersecurit

    @vulnerbyte

    1 Oct 2025

    29 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. WD My Cloudにおけるリモートコマンドインジェクション脆弱性CVE-2025-30247の概要 https://t.co/O3lEPvM5z5 #Security #セキュリティー #ニュース

    @SecureShield_

    1 Oct 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-30247、RCE脆弱性。即対処を:【セキュリティ ニュース】Western DigitalのNAS製品「My Cloud」に深刻な脆弱性(1ページ目 / 全1ページ):Security NEXT https://t.co/fUy5aJaJPr

    @tamosan

    1 Oct 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. A critical OS command injection vulnerability (CVE-2025-30247) affects Western Digital My Cloud NAS devices, allowing remote malicious commands. Firmware 5.31.108 fixes the issue. #WDMyCloud #RemoteAttack #USA https://t.co/VYFrkrRPrI

    @TweetThreatNews

    30 Sept 2025

    21 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Western Digital My #Cloud NAS #devices vulnerable to unauthenticated RCE (#CVE-2025-30247) https://t.co/gz2vQMRsLD

    @ScyScan

    30 Sept 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 CRITICAL: CVE-2025-30247 impacts Western Digital My Cloud NAS. Unpatched devices allow remote command injection—update to 5.31.108 ASAP! 🔒 Restrict access & monitor for suspicious activity. https://t.co/rKdVXPsZWn... https://t.co/7N4WGPVkNt

    @offseq

    30 Sept 2025

    46 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

Related CVEs

  1. The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface.CVE-2025-14858
  2. Fortinet FortiClient EMS Improper Access Control VulnerabilityCVE-2026-35616
  3. A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.CVE-2026-4903
  4. A Missing Authentication for Critical Function vulnerability in Pharos Controls Mosaic Show Controller firmware version 2.15.3 could allow an unauthenticated attacker to bypass authentication and execute arbitrary commands with root privileges.CVE-2026-2417
  5. A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the confidentiality and integrity of device configuration data.CVE-2025-15605

References

Sources include official advisories and independent security research.