Western Digital Patches Critical DLL Hijacking Flaw in WD Discovery for Windows
Western Digital has resolved a severe security vulnerability in its WD Discovery desktop application for Windows, which could have allowed attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-30248, impacts all versions of WD Discovery prior to 5.3 and was patched in December 2025.
The vulnerability stems from a DLL search order hijacking issue combined with EXE and DLL hijacking in the application’s Tiny Installer component. By exploiting this flaw, attackers could manipulate the DLL loading process, forcing the application to load malicious libraries instead of legitimate system files. The weakness is classified under CWE-427 (Uncontrolled Search Path Element), a common issue in applications that load DLLs without specifying fully qualified paths.
Successful exploitation could enable attackers to execute code with the same privileges as the WD Discovery application, leading to unauthorized data access, malware installation, privilege escalation, or full system compromise. The attack requires user interaction, such as tricking victims into running a malicious installer or opening files from compromised directories potentially via phishing or social engineering.
Western Digital released WD Discovery version 5.3 on December 19, 2025, addressing both the DLL search order hijacking and Tiny Installer vulnerabilities. The update is available via automatic prompts, manual download from Western Digital’s official site, or the WD Discovery Online User Guide. The company credited security researchers Kazuma Matsumoto (GMO Cybersecurity by IERAE, Inc.) and David Silva for responsibly disclosing the flaws.
Users and organizations are advised to upgrade to version 5.3 or later to mitigate risks. Enterprise security teams should also monitor for unusual DLL loading behavior and enforce application whitelisting to prevent unauthorized code execution.
Source: https://cyberpress.org/wd-discovery-desktop-app-vulnerability/
HGST, a Western Digital brand cybersecurity rating report: https://www.rankiteo.com/company/hgst-a-western-digital-company
"id": "HGS1769504226",
"linkid": "hgst-a-western-digital-company",
"type": "Vulnerability",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Users of WD Discovery for '
'Windows (versions prior to 5.3)',
'industry': 'Data Storage',
'name': 'Western Digital',
'type': 'Corporation'}],
'attack_vector': 'User Interaction (e.g., phishing, social engineering)',
'customer_advisories': 'Users and organizations are advised to upgrade to '
'version 5.3 or later.',
'date_resolved': '2025-12-19',
'description': 'Western Digital has resolved a severe security vulnerability '
'in its WD Discovery desktop application for Windows, which '
'could have allowed attackers to execute arbitrary code on '
'affected systems. The flaw, tracked as CVE-2025-30248, '
'impacts all versions of WD Discovery prior to 5.3 and was '
'patched in December 2025. The vulnerability stems from a DLL '
'search order hijacking issue combined with EXE and DLL '
'hijacking in the application’s Tiny Installer component. '
'Successful exploitation could enable attackers to execute '
'code with the same privileges as the WD Discovery '
'application, leading to unauthorized data access, malware '
'installation, privilege escalation, or full system '
'compromise.',
'impact': {'data_compromised': 'Unauthorized data access',
'operational_impact': 'Potential malware installation, privilege '
'escalation, or full system compromise',
'systems_affected': 'Windows systems running WD Discovery prior to '
'version 5.3'},
'investigation_status': 'Resolved',
'post_incident_analysis': {'corrective_actions': 'Patch released (version '
'5.3) to address '
'vulnerabilities',
'root_causes': 'DLL search order hijacking and '
'EXE/DLL hijacking in Tiny '
'Installer component (CWE-427)'},
'recommendations': 'Upgrade to WD Discovery version 5.3 or later. Enterprise '
'security teams should enforce application whitelisting to '
'prevent unauthorized code execution.',
'references': [{'source': 'Western Digital Security Advisory'},
{'source': 'Researchers: Kazuma Matsumoto (GMO Cybersecurity '
'by IERAE, Inc.) and David Silva'}],
'response': {'communication_strategy': 'Automatic prompts, manual download '
'from Western Digital’s official site, '
'WD Discovery Online User Guide',
'containment_measures': 'Patch released (WD Discovery version '
'5.3)',
'enhanced_monitoring': 'Monitor for unusual DLL loading behavior',
'remediation_measures': 'Upgrade to version 5.3 or later'},
'title': 'Western Digital Patches Critical DLL Hijacking Flaw in WD Discovery '
'for Windows',
'type': 'DLL Hijacking',
'vulnerability_exploited': 'CVE-2025-30248 (CWE-427: Uncontrolled Search Path '
'Element)'}