Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be exploited remotely to execute arbitrary system commands.
Tracked as CVE-2025-30247, the flaw is an OS command injection in the user interface of My Cloud and can be leveraged through specially crafted HTTP POST requests sent to vulnerable endpoints.
The vulnerability was reported to Western Digital by a security researcher using the alias “w1th0ut.” The storage device maker released firmware version 5.31.108 to address the issue that impacts all previous versions for the following models:
My Cloud PR2100
My Cloud PR4100
My Cloud EX4100
My Cloud EX2 Ultra
My Cloud Mirror Gen 2
My Cloud DL2100
My Cloud EX2100
... continue reading