WD patches NAS security flaw which could have allowed full takeover

WD patches NAS security flaw which could have allowed full takeover




  • Western Digital patches critical RCE flaw CVE-2025-30247 in multiple My Cloud NAS models
  • Vulnerability exploited via crafted HTTP POST requests targeting the My Cloud user interface
  • End-of-life models won’t receive updates; users urged to patch or migrate to newer devices

Data storage giant Western Digital just fixed a critical-severity vulnerability that was discovered in multiple My Cloud NAS models.

In a security advisory, the company said it was tipped off about an OS command injection flaw in the My Cloud user interface, that could be abused through specially crafted HTTP POST requests sent to vulnerable devices.



Source: Techradar

Leave a Reply

Your email address will not be published. Required fields are marked *