securityonline.info 1/27/2026, 4:40:52 AM · via preferred

High-Severity Flaw in Western Digital Installer Opens Door to Code Execution


A high-severity vulnerability in Western Digital’s WD Discovery installer (CVE-2025-30248) has been disclosed, with a CVSS score of 8.9 and a patch delivered in WD Discovery version 5.3. The flaw lets local attackers perform DLL hijacking through an insecure search path in the installer: because the program also looks in its own current directory, a crafted DLL placed in the same folder is loaded instead of the legitimate one.

Once the malicious DLL is loaded, code executes with the privileges of the installer, potentially granting the attacker full control over the system and the ability to install persistent malware. The vulnerability affects Windows users who have not yet patched, and Western Digital has urged users to upgrade to version 5.3 to mitigate the risk. The company acknowledged researchers Kazuma Matsumoto of GMO Cybersecurity by Ierae, Inc., and David Silva for identifying and responsibly reporting the flaw. Western Digital acted quickly to fix the issue and advised immediate upgrade to the patched release.
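A defender-side check for the condition described above, as an added example that is not from the article or from Western Digital: it lists DLLs that sit in the same folder as an installer and marks those whose name also exists in a system directory. The function names, the sample file names and the system-directory comparison are assumptions made for illustration; the article does not name the DLL involved.

```python
import sys
import tempfile
from pathlib import Path

INSTALLER_SUFFIXES = {".exe", ".msi"}


def audit_installer_folder(folder, system_dir):
    """Return one finding per DLL that shares a folder with an installer.

    'shadows_system' is True when a DLL of the same name exists in system_dir
    (compared case-insensitively, as Windows does). No installer: empty list.
    """
    files = sorted(p for p in Path(folder).iterdir() if p.is_file())
    installers = [p.name for p in files if p.suffix.lower() in INSTALLER_SUFFIXES]
    if not installers:
        return []
    system_names = {p.name.lower() for p in Path(system_dir).iterdir()
                    if p.suffix.lower() == ".dll"}
    return [{"dll": p.name,
             "installers": installers,
             "shadows_system": p.name.lower() in system_names}
            for p in files if p.suffix.lower() == ".dll"]


def build_constructed_sample(root):
    """Create a constructed Downloads/System32 pair; every file name is made up."""
    downloads, system32 = Path(root, "Downloads"), Path(root, "System32")
    downloads.mkdir()
    system32.mkdir()
    for name in ("example_setup.exe", "EXAMPLELIB.DLL", "notes.txt"):
        (downloads / name).write_bytes(b"")
    for name in ("examplelib.dll", "otherlib.dll"):
        (system32 / name).write_bytes(b"")
    return downloads, system32


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <download folder> <system folder>
        results = audit_installer_folder(sys.argv[1], sys.argv[2])
    else:  # no arguments: run against the constructed sample
        with tempfile.TemporaryDirectory() as tmp:
            results = audit_installer_folder(*build_constructed_sample(tmp))
    for f in results:
        tag = "SHADOWS SYSTEM DLL" if f["shadows_system"] else "unexpected DLL"
        print(f"{tag}: {f['dll']} beside {', '.join(f['installers'])}")
```

Any DLL reported beside a freshly downloaded installer deserves a look before the installer is run, and running installers from an otherwise empty folder removes the condition entirely.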


Article by CyberSIXT