Vulnerability Details CVE-2025-35471
conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.9%
CVSS Severity
CVSS v3 Score 7.3
References
Products affected by CVE-2025-35471
-
cpe:2.3:a:conda-forge:miniforge:*
-
cpe:2.3:a:conda-forge:openssl-feedstock:*
-
cpe:2.3:o:microsoft:windows:-