CVE-2025-30247: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Western Digital My Cloud

Severity: Critical
Tags: Vulnerability, CVE-2025-30247, cve, cve-2025-30247, cwe-78
Published: Mon Sep 29 2025 (09/29/2025, 21:07:20 UTC)
Source: CVE Database V5
Vendor/Project: Western Digital
Product: My Cloud

Description

An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a specially crafted HTTP POST.

AI-Powered Analysis

Last updated: 10/07/2025, 00:47:53 UTC

Technical Analysis

CVE-2025-30247 is an OS command injection vulnerability identified in the user interface component of Western Digital My Cloud NAS devices running firmware versions prior to 5.31.108. The vulnerability arises due to improper neutralization of special elements in OS commands (CWE-78), which allows an unauthenticated remote attacker to send a specially crafted HTTP POST request to the device's web interface and execute arbitrary system commands with the privileges of the web server process. This can lead to full compromise of the device, including unauthorized access to stored data, disruption of NAS services, and potential pivoting into internal networks. The vulnerability does not require any authentication or user interaction, increasing its exploitability. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). While no public exploits have been reported yet, the critical nature and ease of exploitation make this a high-priority vulnerability for remediation. Western Digital has not yet provided patch links, indicating that affected users should monitor for firmware updates and apply them promptly once available.

Potential Impact

For European organizations, this vulnerability poses a significant risk to data confidentiality, integrity, and availability. Western Digital My Cloud NAS devices are widely used in small to medium enterprises and home office environments across Europe for centralized storage and backup. Successful exploitation could lead to unauthorized data access, data destruction, ransomware deployment, or use of compromised NAS devices as footholds for lateral movement within corporate networks. Critical sectors such as finance, healthcare, and government agencies that rely on these NAS devices for sensitive data storage are particularly vulnerable. Disruption of NAS services could impact business continuity and data availability. Additionally, the lack of authentication requirement and remote exploitability increase the likelihood of automated attacks targeting exposed devices, especially those accessible from the internet or poorly segmented internal networks.

Mitigation Recommendations

European organizations should immediately inventory their Western Digital My Cloud NAS devices and verify firmware versions. Until official patches are released, organizations should restrict network access to the NAS management interface by implementing firewall rules to limit access to trusted IP addresses only. Disabling remote management features and ensuring the NAS devices are not directly exposed to the internet will reduce attack surface. Network segmentation should be enforced to isolate NAS devices from critical infrastructure. Monitoring network traffic for unusual HTTP POST requests targeting the NAS web interface can help detect exploitation attempts. Once Western Digital releases firmware updates addressing CVE-2025-30247, organizations must prioritize prompt patching. Additionally, implementing intrusion detection/prevention systems (IDS/IPS) with signatures for OS command injection attempts can provide further protection. Regular backups of NAS data should be maintained offline to mitigate potential data loss from compromise.
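The inventory and firmware check recommended above can be scripted. The following is an added example, not part of the original advisory or any Western Digital tooling: it triages a device list against the 5.31.108 threshold given in the description. The CSV columns, hostnames and addresses are constructed assumptions.

```python
import csv
import io

# From the advisory: firmware prior to 5.31.108 is affected.
FIXED_VERSION = (5, 31, 108)

# Constructed sample inventory; hosts, addresses and column names are assumptions.
SAMPLE_INVENTORY = """host,address,firmware,internet_exposed
nas-office-01,10.20.0.11,5.31.108,no
nas-office-02,10.20.0.12,5.30.105,no
nas-branch-01,10.30.0.5,5.29.102,yes
nas-lab-01,10.40.0.9,unknown,no
nas-backup-01,10.20.0.20,5.31.110,yes
"""

def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Classify each device and return rows sorted most urgent first."""
    order = {"VULNERABLE-EXPOSED": 0, "VULNERABLE": 1, "UNKNOWN": 2, "OK": 3}
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        version = parse_version(row["firmware"])
        exposed = row["internet_exposed"].strip().lower() == "yes"
        if version is None:
            # Unreadable version: needs manual verification, never assumed safe.
            status = "UNKNOWN"
        elif version < FIXED_VERSION:
            status = "VULNERABLE-EXPOSED" if exposed else "VULNERABLE"
        else:
            status = "OK"
        results.append((status, row["host"], row["firmware"]))
    return sorted(results, key=lambda r: (order[r[0]], r[1]))

if __name__ == "__main__":
    for status, host, firmware in triage(SAMPLE_INVENTORY):
        print(f"{status:<20} {host:<15} {firmware}")
```

Devices reported as UNKNOWN are listed ahead of patched ones so that an unreadable version string is followed up rather than silently passed.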


Technical Details

Data Version: 5.1
Assigner Short Name: WDC PSIRT
Date Reserved: 2025-03-19T16:24:18.441Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68daf69abe7b2c5b088d344b

Added to database: 9/29/2025, 9:14:02 PM

Last enriched: 10/7/2025, 12:47:53 AM

Last updated: 11/11/2025, 2:17:52 AM
