Western Digital disclosed a critical OS command injection vulnerability (CVE-2025-30247) in multiple My Cloud NAS models, including PR2100, PR4100, EX4100, EX2 Ultra, Mirror Gen 2, DL2100, EX2100, DL4100, and WDBCTLxxxxxx-10. The flaw allows remote attackers to execute arbitrary system commands via crafted HTTP POST requests, potentially leading to unauthorized file access, modification, deletion, user enumeration, or binary execution. While primarily affecting small businesses, home offices, and consumers, exploitation could enable data theft, botnet recruitment, proxy misuse, or ransomware deployment. Two models (DL4100 and DL2100) are end-of-support (EoS), leaving them unpatched. Users are urged to update to firmware 5.31.108 immediately or disconnect devices until patched. Automatic updates were rolled out on September 23, 2025, but manual updates are also available. Failure to patch risks severe compromise of stored data, including potential lateral movement into connected networks or ransomware attacks targeting backups and sensitive files.

Western Digital disclosed a critical remote code execution (RCE) vulnerability (CVE-2025-30247) in the firmware of its My Cloud NAS devices, affecting models like My Cloud PR2100, PR4100, EX2 Ultra, and others running firmware versions prior to v5.31.108. The flaw, an OS command injection in the user interface, allows unauthenticated attackers to execute arbitrary system commands via a crafted HTTP POST request without user interaction.A successful exploit grants full system control, enabling attackers to access, encrypt, delete, or modify all stored data, including backups, project files, and sensitive documents. The compromised device could also serve as a launchpad for lateral movement within the same network, risking further breaches of connected systems.While no in-the-wild exploitation has been reported, the vulnerability poses a severe risk to home and small business users relying on these devices for storage and backups. Western Digital urged immediate firmware updates, with automatic updates already applied to connected devices. Failure to patch could lead to data loss, ransomware deployment, or network-wide compromise if exploited by threat actors.

Customers of Western Digital are being informed of a data breach that exposed their private information. It stopped a number of its services in response to the incident. The business acknowledged that various systems had been compromised by an unauthorised individual. To confirm that threat actors stole sensitive personal information in the March attack, the organisation is notifying customers of data breaches through letters. According to the corporation, they are collaborating with law enforcement to examine the full scope of the occurrence with the help of renowned forensic and security specialists.

Western Digital experienced a ransomware assault, and as a result, it had to suspend some of its services. The company acknowledged that various systems had been compromised by an unauthorised individual. My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, and SanDisk Ixpand Wireless Charger were all impacted by a service outage encountered by Western Digital. Customer names, shipping and billing addresses, phone numbers, and email addresses were among the information that was exposed. Customer passwords that had been hashed or salted as well as a portion of their credit card details were found in the hacked database, the company noted. Customers of Western Digital are advised to exercise caution when responding to unsolicited mailings that request personal information from them or direct them to a website that does the same. Customers are advised against opening attachments or clicking on links in shady communications.