- Western Digital Patches Critical RCE ERROR CVE-2025-30247 in Multiple My Cloud NAS models
- Vulnerability utilized via designed http -post -requests that are targeted at My Cloud -User Interface
- Life models models do not receive updates; Users called for patch or migrate to newer devices
Data Store Giant Western Digital just got a vulnerability of critical difficulty discovered in several My Cloud NAS models.
In a security counseling, the company said it was tipped on an OS Command Injection Error in the My Cloud user interface that could be abused through specially designed HTTP postal requests sent to vulnerable devices.
The attack would give the threat actors Remote Code Execution (RCE) Capacities-It is traced as CVE-2025-30247 and got a severity of 9.3/10 (critical). Here is a complete list of the affected models:
My cloud per2100
My cloud PR4100
My cloud ex4100
My cloud ex2 ultra
My cloud mirror gen 2
My Sky DL2100
My cloud ex2100
My Sky DL4100
My Sky WDBCTLXXXXX-10
The end of life
My Cloud DL4100 and my Cloud DL2100 are two models that have reached their life status and as such do not get an update.
Users are advised to migrate to a newer model and then apply firmware -patch to bring the device to version 5.31.108.
Default settings allow for automatic patch management, but Western Digital still encourages users to double control the version they run.
Alternatively, they may take the device offline until they install the patch, but in this case, Cloud -Service features will not be available.
The devices manufacture a number of personal cloud storage solutions that are mainly used for backing up multimedia and documents, streaming it to smart TVs and mobile devices or sharing with other people.
My cloud is primarily designed for personal use, but there are some models (mostly those in the ex and the PR series) that come with RAID support, multiple drives and improved user control, which also makes them somewhat suitable for small offices or consumer environments.
Via Bleeping computer
