CVE-2025-35471

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/conda-forge/openssl-feedstock/commit/066e83c5226bafe90a9c0575b077ce30cd5f5921	Patch
https://github.com/conda-forge/openssl-feedstock/issues/201	Exploit Issue Tracking

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:conda-forge:miniforge::::::::
	cpe:2.3:a:conda-forge:openssl-feedstock::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

23 Sep 2025, 15:47

Type	Values Removed	Values Added
References	~~() https://github.com/conda-forge/openssl-feedstock/commit/066e83c5226bafe90a9c0575b077ce30cd5f5921 -~~	() https://github.com/conda-forge/openssl-feedstock/commit/066e83c5226bafe90a9c0575b077ce30cd5f5921 - Patch
References	~~() https://github.com/conda-forge/openssl-feedstock/issues/201 -~~	() https://github.com/conda-forge/openssl-feedstock/issues/201 - Exploit, Issue Tracking
CPE		cpe:2.3:a:conda-forge:miniforge:::::::: cpe:2.3:a:conda-forge:openssl-feedstock:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
First Time		Conda-forge miniforge Conda-forge Microsoft Microsoft windows Conda-forge openssl-feedstock

13 May 2025, 19:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-13 02:15

Updated : 2025-09-23 15:47

NVD link : CVE-2025-35471

Mitre link : CVE-2025-35471

CVE.ORG link : CVE-2025-35471

JSON object : View

Products Affected

microsoft

windows

conda-forge

miniforge
openssl-feedstock

CWE

CWE-427

Uncontrolled Search Path Element

{"id": "CVE-2025-35471", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-13T02:15:17.607", "references": [{"url": "https://github.com/conda-forge/openssl-feedstock/commit/066e83c5226bafe90a9c0575b077ce30cd5f5921", "tags": ["Patch"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}, {"url": "https://github.com/conda-forge/openssl-feedstock/issues/201", "tags": ["Exploit", "Issue Tracking"], "source": "9119a7d8-5eab-497f-8521-727c672e3725"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "9119a7d8-5eab-497f-8521-727c672e3725", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected."}, {"lang": "es", "value": "Conda-forge openssl-feedstock anterior a la versi\u00f3n 066e83c (20/05/2024), en Microsoft Windows, configura OpenSSL para usar una ruta de archivo OPENSSLDIR accesible para usuarios locales sin privilegios. Al escribir un archivo openssl.cnf especialmente manipulado en OPENSSLDIR, un usuario local sin privilegios puede ejecutar c\u00f3digo arbitrario con sus privilegios o procesar la carga de DLL de openssl-feedstock. Miniforge anterior a la versi\u00f3n 24.5.0 tambi\u00e9n se ve afectado."}], "lastModified": "2025-09-23T15:47:38.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:conda-forge:miniforge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6660A5C-90B3-4C37-BAC6-0FC79E19C4FE", "versionEndExcluding": "24.5.0"}, {"criteria": "cpe:2.3:a:conda-forge:openssl-feedstock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F688C287-6E12-4CD3-8F7E-E039E669AA56", "versionEndExcluding": "2024-05-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725"}