- Western Digital Patches RCE FLAW CVE-2025-30247 in multiple My Cloud Nas models
- Exploited vulnerability through HTTP Publication Applications designed to my cloud user interface in the cloud
- The end of life models will not receive updates; Users urged to patch or migrate to newer devices
The Western Digital data storage giant has just set a critical severity vulnerability that was discovered in multiple My Cloud Nas models.
In a security notice, the company said that it had proposed about an operating system command failure in the user interface of my cloud, which could be abused through HTTP applications specially developed by vulnerable devices.
The attack would grant the execution capabilities of the remote code of the threat actors (RCE): it is traced as CVE-2025-30247, and it was given a gravity score of 9.3/10 (critical). Here is a complete list of the affected models:
My PR2100 cloud
My PR4100 cloud
My ex4100 cloud
My Ex2 Ultra Cloud
My Cloud Mirror Gen 2
My cloud DL2100
My ex2100 cloud
My cloud DL4100
My WDBCTLXXXXX-10 cloud
End of life
My Cloud DL4100 and my cloud DL2100 are two models that have reached their end of life and, as such, will not receive an update.
Users are recommended to migrate to a newer model and then apply the firmware patch to bring the device to version 5.31.108.
The default configuration allows automatic patches management, but Western Digital still urges users to verify the version they are running.
Alternatively, the device can take off until they install the patch, but in that case, the characteristics of the cloud service will not be available.
The devices make a line of personal storage solutions in the cloud, mainly used to support multimedia and documents, transmit it to smart televisions and mobile devices, or share with other people.
My cloud is designed mainly for personal use, but there are some models (mainly those of the Ex and PR series) that come with support of raids, multiple transmission bays and management of improved users, which also makes them something suitable for small offices or prosumer environments.
Through Bleepingcomputer
