CVE-2025-30247: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Western Digital My Cloud
An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a specially crafted HTTP POST.
AI Analysis
Technical Summary
CVE-2025-30247 is a critical OS command injection vulnerability identified in the user interface of Western Digital My Cloud NAS devices running firmware versions prior to 5.31.108. The vulnerability arises from improper neutralization of special elements used in OS commands (CWE-78): user-supplied input from an HTTP POST request is passed to system-level commands without adequate sanitization, so an unauthenticated remote attacker who sends a specially crafted POST can inject commands that the operating system executes with the privileges of the vulnerable service. The CVSS 4.0 base score of 9.3 reflects the high severity: the attack vector is the network (AV:N), no privileges (PR:N) or user interaction (UI:N) are required, and the impact on confidentiality, integrity, and availability is high (VC:H/VI:H/VA:H). Exploitation could lead to full system compromise, data theft or destruction, or use of the NAS device as a pivot point for lateral movement within a network. Although no exploits are currently reported in the wild, the ease of exploitation and critical impact make this a significant threat to organizations using Western Digital My Cloud NAS devices, especially those exposing the management interface to untrusted networks.
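The CWE-78 pattern described above, reduced to a minimal web handler, as an added illustration that is not Western Digital code and does not reproduce the affected My Cloud endpoint (which the advisory does not describe). The handler names, the `share` POST field, and the use of `echo` as a stand-in for a real system utility are all constructed for this example. It shows the vulnerable form (a command string handed to the shell), the partial fix (argv list, no shell), and the hardened form (allowlist validation plus argv list):

```python
"""Constructed illustration of CWE-78 in a web handler and its fix.

Not Western Digital code: the field name 'share', the handler names and the
use of 'echo' in place of a real utility are assumptions for this example.
"""
import re
import subprocess

# Allowlist for a share name: letters, digits, underscore, hyphen; 1-64 chars.
SHARE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def vulnerable_handler(post_params: dict) -> str:
    """Builds a shell command string from an untrusted POST field (CWE-78).

    /bin/sh parses metacharacters (';', '|', '$(...)') inside the value, so
    the field can append its own commands to the intended one.
    """
    share = post_params.get("share", "")
    cmd = f"echo listing {share}"             # string handed to /bin/sh -c
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def no_shell_handler(post_params: dict) -> str:
    """Partial fix: argv list, so no shell ever parses the value.

    The value becomes exactly one argument; metacharacters are inert.
    """
    share = post_params.get("share", "")
    out = subprocess.run(["echo", "listing", share],
                         capture_output=True, text=True)
    return out.stdout


def hardened_handler(post_params: dict) -> str:
    """Defense in depth: allowlist validation first, then argv list."""
    share = post_params.get("share", "")
    if not SHARE_NAME_RE.fullmatch(share):
        raise ValueError("invalid share name")
    out = subprocess.run(["echo", "listing", share],
                         capture_output=True, text=True)
    return out.stdout


def demo() -> tuple:
    """Runs the three handlers on a constructed tainted request body."""
    tainted = {"share": "docs; echo INJECTED"}
    vuln_out = vulnerable_handler(tainted)          # second command runs
    argv_out = no_shell_handler(tainted)            # value echoed literally
    try:
        hardened_handler(tainted)
        hardened_result = "accepted"
    except ValueError:
        hardened_result = "rejected"                # allowlist blocks it
    return vuln_out, argv_out, hardened_result


if __name__ == "__main__":
    for label, value in zip(("vulnerable", "argv-only", "hardened"), demo()):
        print(f"{label}: {value!r}")
```

The argv-only form is already sufficient to stop the shell from interpreting the value; the allowlist is what keeps the value from reaching a utility that might itself interpret special characters (option prefixes, globs, path traversal), which is why the hardened handler applies both.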
Potential Impact
For European organizations, this vulnerability poses a substantial risk, particularly for those relying on Western Digital My Cloud NAS devices for critical data storage and backup. Exploitation could lead to unauthorized access to sensitive corporate data, disruption of business operations through device compromise or denial of service, and use of compromised NAS devices as footholds for broader network intrusions. Given the common use of NAS devices in small and medium enterprises and in departments of larger organizations, the impact could extend to data confidentiality breaches, loss of data integrity, and operational downtime. Compromised NAS devices could also be enlisted in botnets or ransomware campaigns, widening the threat landscape. Because neither authentication nor user interaction is required, attackers can exploit this vulnerability remotely without prior access, which increases the likelihood of attacks. This is particularly concerning for organizations with NAS devices reachable from the internet or located on poorly segmented internal networks.
Mitigation Recommendations
Immediate mitigation steps include upgrading Western Digital My Cloud firmware to version 5.31.108 or later, where the vulnerability has been addressed. Organizations should verify the firmware version on all deployed devices and apply patches promptly. Until patches are applied, it is critical to restrict network access to the NAS management interface by implementing firewall rules that limit access to trusted IP addresses only, preferably within internal networks. Disabling remote management features or placing the NAS behind VPNs can further reduce exposure. Monitoring network traffic for unusual HTTP POST requests targeting the NAS device may help detect attempted exploitation. Additionally, organizations should review and harden NAS device configurations, disable unnecessary services, and ensure strong authentication mechanisms are in place for management interfaces. Regular backups and incident response plans should be updated to prepare for potential compromise scenarios. Finally, organizations should engage with Western Digital support channels for any additional recommended mitigations or updates.
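Two of the checks recommended above, written as an added example that is not part of the advisory or of any Western Digital tooling: a firmware version comparison against the fixed release 5.31.108, and a scan of web-server log lines for POST requests whose form fields carry shell metacharacters. The JSON-lines log format, the `/ui/api/share` path and the source addresses are constructed for this example; the affected My Cloud endpoint is not published in the advisory, so a real deployment would point the scan at whatever reverse proxy or device log records request bodies:

```python
"""Constructed example: version check and POST-body metacharacter scan.

Assumptions: a reverse proxy in front of the NAS writes one JSON object per
request with 'src', 'method', 'path' and 'body' keys (constructed format);
the endpoint path is a placeholder, not the affected My Cloud endpoint.
"""
import json
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Firmware release that fixes CVE-2025-30247, per the advisory.
FIXED_VERSION = (5, 31, 108)

# Shell metacharacters that should never appear in a share name or similar
# field: separators, pipes, backticks, newlines, command/parameter expansion.
META_RE = re.compile(r"[;|&`\n]|\$\(|\$\{")


def parse_version(version: str) -> tuple:
    """'5.31.108' -> (5, 31, 108). Numeric tuples compare correctly;
    comparing the raw strings would rank '5.4.2' above '5.31.108'."""
    return tuple(int(part) for part in version.strip().split("."))


def is_patched(version: str) -> bool:
    """True when the firmware is 5.31.108 or later."""
    return parse_version(version) >= FIXED_VERSION


def has_shell_metachars(value: str) -> bool:
    """Decode percent-encoding first, then look for metacharacters."""
    return bool(META_RE.search(unquote(value)))


def suspicious_values(path: str, body: str) -> list:
    """Return the decoded query/body values that contain metacharacters.

    Fields are split with parse_qsl before checking, so a literal '&' that
    separates form fields is not treated as a shell operator; an '&' that
    survives inside a single decoded value had to be percent-encoded, which
    is itself worth flagging.
    """
    parts = urlsplit(path)
    fields = parse_qsl(parts.query, keep_blank_values=True)
    fields += parse_qsl(body, keep_blank_values=True)
    hits = [unquote(v) for _, v in fields if has_shell_metachars(v)]
    if has_shell_metachars(parts.path):
        hits.append(unquote(parts.path))
    return hits


def flag_suspicious_posts(lines) -> list:
    """Scan JSON log lines; return (src, path, values) for POSTs that carry
    shell metacharacters. Malformed lines and non-POST requests are skipped."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("method") != "POST":
            continue
        values = suspicious_values(rec.get("path", ""), rec.get("body", ""))
        if values:
            findings.append((rec.get("src"), rec.get("path"), values))
    return findings


# Constructed sample log: two benign requests, two with injected shell
# syntax in a form field, and one malformed line.
SAMPLE_LOG = [
    '{"src": "192.0.2.10", "method": "GET", "path": "/ui/index.html", "body": ""}',
    '{"src": "192.0.2.10", "method": "POST", "path": "/ui/api/share", '
    '"body": "name=docs&mode=rw"}',
    '{"src": "203.0.113.5", "method": "POST", "path": "/ui/api/share", '
    '"body": "name=docs%3Bwhoami&mode=rw"}',
    '{"src": "198.51.100.7", "method": "POST", "path": "/ui/api/share", '
    '"body": "name=%24%28hostname%29"}',
    'not json at all',
]


if __name__ == "__main__":
    for fw in ("5.31.107", "5.31.108", "5.4.2"):
        print(fw, "patched" if is_patched(fw) else "UPDATE REQUIRED")
    for src, path, values in flag_suspicious_posts(SAMPLE_LOG):
        print(f"suspicious POST from {src} to {path}: {values}")
```

A match is a reason to inspect the device and the source host, not proof of compromise: legitimate clients occasionally send percent-encoded punctuation, so the scan is best treated as a triage filter alongside the firewall restrictions the advisory recommends.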
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: WDC PSIRT
- Date Reserved: 2025-03-19T16:24:18.441Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68daf69abe7b2c5b088d344b
Added to database: 9/29/2025, 9:14:02 PM
Last enriched: 9/29/2025, 9:14:30 PM
Last updated: 9/29/2025, 9:14:30 PM
Related Threats
- CVE-2025-43812: CWE-79: Cross-site Scripting in Liferay Portal (Medium)
- CVE-2025-43818: CWE-79: Cross-site Scripting in Liferay Portal (Medium)
- CVE-2025-43815: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Liferay Portal (Medium)
- CVE-2025-34235: CWE-295 Improper Certificate Validation in Vasion Print Virtual Appliance Host (Critical)
- CVE-2025-34233: CWE-693 Protection Mechanism Failure in Vasion Print Virtual Appliance Host (High)