OpenSSL Configuration Vulnerability in conda-forge on Microsoft Windows
CVE-2025-35471

7HIGH

Key Information:

Vendor: Conda-forge
Status: OpenSSL-feedstock; Miniforge
Vendor: CVE Published:; 13 May 2025

🔔 Create Conda-forge Vulnerability Alert

What is CVE-2025-35471?

The conda-forge openssl-feedstock prior to version 066e83c on Microsoft Windows is susceptible to an improper configuration vulnerability. This flaw allows non-privileged local users to modify the OPENSSLDIR file path, leading to the potential execution of arbitrary code. By crafting a malicious openssl.cnf file within this directory, attackers can escalate their actions to execute code with the privileges of the user or process loading the affected DLLs. Users of impacted versions, including Miniforge before 24.5.0, should take immediate measures to update their installations and mitigate the risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

miniforge 0 < 24.5.0

openssl-feedstock 0 < 066e83c

miniforge 24.5.0

References

https://github.com/conda-forge/openssl-feedstock/commit/0...

https://github.com/conda-forge/openssl-feedstock/issues/201

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 15, 2025

JSON

Conda-forge

What is CVE-2025-35471?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.