Western Digital, a titan in the data storage industry, has rolled out a critical update for its widely used WD Discovery software after security researchers uncovered a dangerous flaw in its installer. Tracked as CVE-2025-30248, the vulnerability carries a CVSS severity score of 8.9, signaling a high risk for Windows users who haven’t yet patched.
The flaw allows a local attacker to perform a classic but deadly maneuver known as DLL hijacking, effectively tricking the trusted installer into running malicious code.
The vulnerability lies within the installation mechanism of WD Discovery version 5.2.730. When the installer launches, it attempts to load specific Dynamic Link Libraries (DLLs)—the shared code files that Windows applications rely on to function.
However, due to an insecure search path configuration, the installer doesn’t just look in secure system folders; it also checks its own current directory.
This creates a window of opportunity for attackers. By placing a “crafted” (malicious) DLL in the same folder as the installer, a local attacker can intercept the loading process. When a user—or an administrator—runs the installer, the application unwittingly loads the attacker’s fake DLL instead of the legitimate one.
Once loaded, the malicious code executes with the privileges of the installer. Since installers typically require administrative rights to set up drivers and software, this allows the attacker to gain full control over the system, execute arbitrary commands, or install persistent malware.
Western Digital extended its thanks to Kazuma Matsumoto, a security researcher at GMO Cybersecurity by Ierae, Inc., as well as researcher David Silva, for identifying the flaw and responsibly reporting it.
Western Digital acted swiftly to close the gap following reports from the security researchers. The company has released WD Discovery version 5.3, which corrects the search path behavior to ensure only legitimate, trusted DLLs are loaded.
Users are strongly advised to upgrade to version 5.3 immediately to mitigate the risk.
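As an added example (not code from Western Digital or from the advisory), the PowerShell function below lists every DLL sitting beside an installer, which is the location the flaw described above depends on, along with its signature status. The function name and the sample path are hypothetical, and the check assumes the installer is distributed as a single EXE, so any neighbouring DLL deserves a look before the installer is launched.

```powershell
# Added example: audit the folder an installer will be launched from.
# Assumption: the installer is a single EXE, so DLLs beside it are unexpected.
function Get-SideloadCandidate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$InstallerPath   # path to the downloaded installer (hypothetical)
    )

    # Resolve the installer and report its own signature first.
    $installer = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop
    $own = Get-AuthenticodeSignature -LiteralPath $installer.FullName
    Write-Verbose "Installer signature status: $($own.Status)"

    # Enumerate DLLs in the installer's folder, hidden ones included.
    Get-ChildItem -LiteralPath $installer.DirectoryName -Filter '*.dll' -File -Force |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

            # A same-named file in System32 means this copy would stand in
            # for a system library if the installer searches its own folder.
            $systemCopy = Join-Path $env:SystemRoot "System32\$($file.Name)"

            [pscustomobject]@{
                Name             = $file.Name
                SignatureStatus  = $sig.Status
                Signer           = if ($sig.SignerCertificate) {
                                       $sig.SignerCertificate.Subject
                                   } else { $null }
                LastWriteTime    = $file.LastWriteTime
                ShadowsSystemDll = Test-Path -LiteralPath $systemCopy
            }
        }
}

# Constructed example path; review every returned row before running the installer.
# Get-SideloadCandidate -InstallerPath "$env:USERPROFILE\Downloads\installer.exe" -Verbose
```

An empty result means no DLL is present next to the installer; moving the installer into a new, empty folder before running it gives the same assurance.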