Western Digital has patched a critical vulnerability (CVE-2025-30247) allowing remote attackers to execute arbitrary commands on multiple My Cloud NAS models via HTTP requests. Unpatched devices risk complete compromise including data theft, ransomware deployment, and botnet enlistment. Ten NAS models require immediate firmware updates, with two end-of-life devices lacking official fixes.