A high-severity vulnerability has been disclosed in Western Digital’s WD Discovery desktop app for Windows, tracked as CVE-2025-30248, which could allow attackers to execute arbitrary code on affected systems.
Vulnerability Details
- Affected versions: WD Discovery 5.2.730 and earlier.
- Root cause: DLL Search Order Hijacking in the WD Discovery installer.
- Additional issues: EXE and DLL hijacking vulnerabilities in the Tiny Installer component.
- Attack vector:
- Local attacker places a malicious DLL in the installer’s search path.
- Installer loads and executes the malicious DLL.
- Attacker gains full code execution with installer privileges.
Impact
- Severity: CVSS 4.0 score 8.9 (HIGH).
- Risk scenarios:
- Shared workstations with multiple users.
- Weak physical security environments.
- Consequences:
- Full system compromise.
- Arbitrary code execution with installer-level privileges.
Mitigation
- Patched version: WD Discovery 5.3 (released December 19, 2025).
- Update methods:
- Automatic update notifications via WD Discovery.
- Manual download from the official WD Discovery Downloads page.
- Best practices:
- Immediately upgrade to version 5.3.
- Remove older versions from shared or sensitive environments.
- Monitor for suspicious DLL/EXE activity in installer paths.
Takeaway
This vulnerability highlights the critical risk of DLL hijacking in widely used desktop utilities. While exploitation requires local access, the potential for system-wide compromise makes patching urgent. Organizations should update to WD Discovery 5.3 immediately and enforce strong workstation security controls.
Leave a Reply