WD Discovery App Flaw on Windows Allows Code Execution

A serious security vulnerability has been disclosed in Western Digital’s WD Discovery desktop application. This flaw potentially allows attackers to execute arbitrary code on Windows systems.

The flaw, tracked as CVE-2025-30248, affects WD Discovery version 5.2.730 and all prior releases.

The security issue involves a DLL hijacking vulnerability within the WD Discovery installer. This type of attack exploits the way Windows searches for dynamic-link library (DLL) files when applications load.

Local attackers can place a malicious DLL file in the installer’s search path, which the legitimate application then loads and executes, granting the attacker full code execution capabilities on the target system.

Beyond the primary DLL Search Order Hijacking vulnerability, Western Digital also identified additional EXE and DLL hijacking issues specifically within the Tiny Installer component used by WD Discovery.

These multiple attack vectors compound the security risk for users running vulnerable versions. While the vulnerability requires local access to exploit, the consequences are severe.

Successful exploitation allows attackers to execute arbitrary code with the same privileges as the WD Discovery installer, potentially compromising the entire system.

The issue particularly affects organizations where multiple users share workstations or where physical security controls may be weaker.

Western Digital has classified the vulnerability with a CVSS 4.0 score of 8.9 (HIGH severity), reflecting the significant threat it poses to affected systems.

Western Digital released WD Discovery version 5.3 on December 19, 2025, which fully addresses all identified vulnerabilities.

Users will receive automatic update notifications through the application, prompting them to install the security patch.

Alternatively, users can manually download version 5.3 from the official WD Discovery Downloads page.

Western Digital acknowledges Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc., and David Silva for responsibly disclosing these vulnerabilities through coordinated disclosure processes.

Windows users running any version of WD Discovery before 5.3 should immediately update their installations to mitigate potential exploitation risks.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.