Western Digital has revealed a serious security flaw in its Windows desktop program, WD Discovery, which could let hackers run arbitrary code on compromised systems. The bug, known as CVE-2025-30248, was fixed in December 2025 and impacts all WD Discovery versions prior to version 5.3.

Overview of Vulnerabilities

The Tiny Installer component of WD Discovery has a DLL search order hijacking vulnerability in addition to DLL and EXE hijacking.
By manipulating the DLL loading process, attackers can potentially force the application to load malicious libraries instead of the legitimate system files. In DLL search order hijacking, adversaries place trojanized DLLs in directories that are given priority when Windows searches for DLLs.
When a vulnerable application loads, it looks for the DLL files it needs in a particular order. If attackers are able to place a malicious DLL in a location that appears earlier in this search order, Windows will load it in place of the legitimate library. The vulnerability is categorized under CWE-427 (Uncontrolled Search Path Element), which covers software that uses a fixed search path to locate resources while attackers can take control of one or more locations along that path. Applications that load DLL files without providing fully qualified paths are frequently impacted by this vulnerability.

Attack Situations and Consequences

If CVE-2025-30248 is successfully exploited, attackers may be able to run arbitrary code with the same rights as the WD Discovery program.
The possible outcomes include unauthorized access to private information kept on Western Digital drives, the installation of more malware or backdoors, privilege escalation if the program operates with elevated permissions, and, in the worst case, total system compromise. Because the vulnerability requires user interaction, attackers would have to deceive victims into opening files from compromised directories or launching a malicious installer. Phishing campaigns, social engineering techniques, or compromising shared network locations could all be used to achieve this.
On December 19, 2025, Western Digital released WD Discovery version 5.3, which fixed these security flaws. Both the DLL search order hijacking vulnerability and the EXE and DLL hijacking problems discovered in the Tiny Installer component are fully fixed in this update.
Users running vulnerable versions of WD Discovery will be automatically prompted to install the security update. As an alternative, users can follow the installation guidelines in the WD Discovery Online User Guide or manually download the patched version 5.3 from Western Digital's official downloads page. Western Digital acknowledged security researchers David Silva and Kazuma Matsumoto of GMO Cybersecurity by IERAE, Inc. for reporting these vulnerabilities through coordinated disclosure.
To remove the possibility of exploitation, all WD Discovery users should update to version 5.3 or later right away. Businesses that use WD Discovery in corporate settings ought to give this update top priority and confirm that all systems have been patched. To stop unauthorized code execution, security teams should also use application whitelisting and keep an eye out for odd DLL loading behavior.
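
The monitoring advice above can be prototyped against image-load telemetry. The following is an added example, not code from Western Digital or from the original article; it assumes events shaped like Sysmon Event ID 7 records (Image, ImageLoaded, Signed), and the DLL name list, the paths and installer.exe are constructed samples.

```python
from pathlib import PureWindowsPath

# Assumption: sample of DLL names that ship in System32 (extend from a real inventory).
SYSTEM_DLLS = {"version.dll", "cryptbase.dll", "dwmapi.dll", "uxtheme.dll"}
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
# Path fragments a standard user can usually write to.
USER_WRITABLE = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\desktop\\")

def in_trusted_dir(directory):
    """True only for a trusted directory or a real subdirectory of one."""
    d = directory.lower()
    return any(d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)

def classify_load(event):
    """Return a finding for a suspicious image load, or None if it looks normal."""
    image = PureWindowsPath(event["Image"])
    loaded = PureWindowsPath(event["ImageLoaded"])
    if loaded.name.lower() not in SYSTEM_DLLS or in_trusted_dir(str(loaded.parent)):
        return None
    reasons = ["system DLL name loaded from outside the Windows directories"]
    if loaded.parent == image.parent:  # application directory precedes System32
        reasons.append("DLL sits beside the executable")
    if any(frag in str(loaded).lower() for frag in USER_WRITABLE):
        reasons.append("load path is user-writable")
    if event.get("Signed", "false").lower() != "true":
        reasons.append("DLL is unsigned")
    return {"image": str(image), "dll": str(loaded), "reasons": reasons}

def find_hijack_candidates(events):
    return [f for f in map(classify_load, events) if f]

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\alice\Downloads\installer.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
    {"Image": r"C:\Users\alice\Downloads\installer.exe",
     "ImageLoaded": r"C:\Users\alice\Downloads\VERSION.dll", "Signed": "false"},
    {"Image": r"C:\Program Files\Example\app.exe",
     "ImageLoaded": r"C:\Program Files\Example\helper.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\Example\app.exe",
     "ImageLoaded": r"C:\Program Files\Example\cryptbase.dll", "Signed": "true"},
]

if __name__ == "__main__":
    for f in find_hijack_candidates(SAMPLE_EVENTS):
        print(f["dll"], "<-", f["image"], "|", "; ".join(f["reasons"]))
```

A signed DLL with a system name beside the executable is still reported, since a valid signature alone does not show that the file belongs in that directory.
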
CVE-2025-30248 Technical Information

CVE Details
CVE ID: CVE-2025-30248
Vulnerability Type: DLL search order hijacking; DLL and EXE hijacking










