CVE-2025-30248 | THREATINT

Description

DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.

PUBLISHED Reserved 2025-03-19 | Published 2026-01-26 | Updated 2026-01-26 | Assigner WDC PSIRT

HIGH: 8.9CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-427

Product status

Default status

unaffected

Any version before 5.3

affected

Credits

Kazuma Matsumoto, Security Researcher at GMO Cybersecurity by IERAE, Inc finder

References

www.westerndigital.com/...-discovery-desktop-app-version-5-3

cve.org (CVE-2025-30248)

nvd.nist.gov (CVE-2025-30248)

Download JSON