216.73.217.176

CVE-2025-35471

· Published 13/05/2025 02:15 · Modified 13/05/2025 02:15

Labels: CVE-2025-35471 2025-05-139119a7d8-5eab-497f-8521-727c672e3725CVE-2025-35471CWE-427

Essential information

Published
13/05/2025 02:15
Modified
13/05/2025 02:15
Author
Creator
CVSS
7.0 HIGH (v3) 7.0 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD
View on NVD

Affected products (CPE)

ProductCPE
conda-forge / openssl-feedstock cpe:2.3:a:conda-forge:openssl-feedstock:*:*:*:*:*:*:*:*
miniforge / miniforge cpe:2.3:a:miniforge:miniforge:<24.5.0:*:*:*:*:*:*:*

References