CVE-2025-35471

conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.

Configurations

Configuration 1

AND
OR cpe:2.3:a:conda-forge:miniforge:*:*:*:*:*:*:*:*
cpe:2.3:a:conda-forge:openssl-feedstock:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

23 Sep 2025, 15:47

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:conda-forge:openssl-feedstock:*:*:*:*:*:*:*:*
cpe:2.3:a:conda-forge:miniforge:*:*:*:*:*:*:*:*
First Time Microsoft windows
Conda-forge openssl-feedstock
Conda-forge miniforge
Microsoft
Conda-forge
References () https://github.com/conda-forge/openssl-feedstock/commit/066e83c5226bafe90a9c0575b077ce30cd5f5921 - () https://github.com/conda-forge/openssl-feedstock/commit/066e83c5226bafe90a9c0575b077ce30cd5f5921 - Patch
References () https://github.com/conda-forge/openssl-feedstock/issues/201 - () https://github.com/conda-forge/openssl-feedstock/issues/201 - Exploit, Issue Tracking

13 May 2025, 19:35

Type Values Removed Values Added
Summary
  • (es) Conda-forge openssl-feedstock before version 066e83c (20/05/2024), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that is accessible to non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before version 24.5.0 is also affected.

13 May 2025, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-13 02:15

Updated : 2025-09-23 15:47


NVD link : CVE-2025-35471

Mitre link : CVE-2025-35471

CVE.ORG link : CVE-2025-35471



Products Affected

conda-forge

  • openssl-feedstock
  • miniforge

microsoft

  • windows

CWE

CWE-427

Uncontrolled Search Path Element