Western Digital's WD Discovery desktop program has been found to have a significant security flaw that could let hackers run arbitrary code on Windows computers. The vulnerability, known as CVE-2025-30248, is present in WD Discovery version 5.2.730 and all previous versions. A DLL hijacking vulnerability in the WD Discovery installer is the source of the security problem.

The way Windows looks for dynamic-link library (DLL) files when programs load is exploited by this kind of attack. In order to gain complete code execution capabilities on the target system, local attackers can insert a malicious DLL file into the installer's search path, which the legitimate application then loads and runs.

In addition to the main DLL Search Order Hijacking vulnerability, Western Digital found other EXE and DLL hijacking problems, particularly in the Tiny Installer component that WD Discovery uses. For users using vulnerable versions, the security risk is increased by these various attack vectors. Although exploiting the vulnerability requires local access, the repercussions are dire.

If the exploitation is successful, attackers can potentially compromise the entire system by executing arbitrary code with the same privileges as the WD Discovery installer. Organizations with multiple users sharing workstations or those with potentially lax physical security controls are especially affected by the problem. Western Digital has classified the vulnerability with a CVSS 4.0 score of 8.9 (HIGH severity), reflecting the significant threat it poses to affected systems.

On December 19, 2025, Western Digital released WD Discovery version 5.3, which completely fixes all vulnerabilities found. Users will be prompted to install the security patch by the application's automatic update notifications. Version 5.3 can also be manually downloaded by users from the official WD Discovery Downloads page.

Learn more Solutions for network security Reports on security vulnerabilities Malware elimination service Training in ethical hacking News stories about cybersecurity Exploits Malware Software for endpoint detection and response Taking advantage of Control of computer access Western Digital thanks David Silva and Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc., for responsibly revealing these vulnerabilities via coordinated disclosure procedures. To reduce the risk of exploitation, Windows users running any version of WD Discovery prior to 5.3 should update their installations right away.

X, LinkedIn, and X for daily updates on cybersecurity. To have your stories featured, get in touch with us.