CVE-2025-30248

HIGH

WD Discovery <5.2.730 - RCE

Title source: llm

Description

DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allows a local attacker to execute arbitrary code via placement of a crafted dll in the installer's search path.

References (1)

[Various Sources] https://www.westerndigital.com/support/product-security/wdc-25008-wd-discovery-desktop-app-version-5-3

Scores

CVSS v4 8.9

EPSS 0.0003

EPSS Percentile 8.6%

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-427

Status published

Products (1)

Western Digital/WD Discovery < 5.3

Published Jan 26, 2026

Tracked Since Feb 18, 2026