CVE-2025-35471: CWE-427 Uncontrolled Search Path Element in conda-forge openssl-feedstock
conda-forge openssl-feedstock before 066e83c (2024-05-20), on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privileged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary code with the privileges of the user or process loading openssl-feedstock DLLs. Miniforge before 24.5.0 is also affected.
AI Analysis
Technical Summary
CVE-2025-35471 is a high-severity vulnerability classified under CWE-427 (Uncontrolled Search Path Element) affecting the conda-forge openssl-feedstock package on Microsoft Windows systems. The issue arises because the OPENSSLDIR path that OpenSSL is configured to use can be written to by non-privileged local users. This directory is intended to hold configuration files such as openssl.cnf, which OpenSSL loads at runtime. An attacker with local access but limited privileges can exploit this by placing a specially crafted openssl.cnf file into the writable OPENSSLDIR path. When OpenSSL loads this configuration, the malicious file can cause arbitrary code execution with the privileges of the user or process loading the OpenSSL DLLs. Miniforge versions prior to 24.5.0, which ship the same openssl-feedstock build, are also affected. The vulnerability is specific to Windows environments and stems from insecure directory permissions that allow untrusted users to influence the OpenSSL configuration. The CVSS v3.1 base score is 7.3 (high): local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), and user interaction required (UI:R), with high impact on confidentiality, integrity, and availability, since arbitrary code execution can fully compromise the affected process or user session. No exploits are currently reported in the wild and no official patch has been linked in this record, though the vulnerability was published on May 13, 2025, and the affected builds are those before commit 066e83c, dated May 20, 2024.
Potential Impact
For European organizations, this vulnerability poses a significant risk, especially in environments where conda-forge openssl-feedstock or Miniforge are used on Windows systems. Since OpenSSL is a widely used cryptographic library, any compromise can lead to unauthorized access to sensitive data, credential theft, or further lateral movement within networks. The ability of a non-privileged local user to escalate privileges or execute arbitrary code undermines endpoint security and can facilitate persistent threats or ransomware deployment. Organizations relying on data science, machine learning, or scientific computing environments that use conda or Miniforge distributions are particularly at risk. The vulnerability could also affect development and build pipelines if these tools are used in CI/CD environments on Windows. The requirement for local access and user interaction somewhat limits remote exploitation, but insider threats or compromised user accounts could use this vulnerability to escalate privileges or execute malicious payloads. The impact on confidentiality, integrity, and availability is high, potentially leading to data breaches, system compromise, and operational disruption.
Mitigation Recommendations
European organizations should immediately audit their Windows systems for installations of conda-forge openssl-feedstock and Miniforge versions prior to 24.5.0. Until official patches are released, organizations should restrict write permissions on the OPENSSLDIR directory to trusted administrators only, preventing non-privileged users from modifying or adding files. Implementing strict access control lists (ACLs) on the filesystem to enforce least privilege is critical. Additionally, monitoring for unexpected changes to openssl.cnf or other configuration files within OPENSSLDIR can help detect exploitation attempts. Organizations should also consider isolating or sandboxing environments running vulnerable versions to limit potential damage. Updating to the latest patched versions once available is essential. Employing endpoint detection and response (EDR) solutions to detect anomalous DLL loading or process behavior related to OpenSSL can provide early warning. User education to minimize risky behavior and limiting local user privileges will further reduce the attack surface. Finally, reviewing and hardening local user account policies and monitoring for suspicious local user activity is recommended.
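A defender-side check for the precondition described in the technical summary (an OPENSSLDIR that non-privileged users can write to) together with the ACL restriction recommended above, as an added PowerShell example that is not part of this advisory or of the conda-forge project. It assumes the conda environment's openssl.exe is first on PATH; the list of broad principals and the icacls remediation line are assumptions chosen for illustration, and the script also handles the case where OPENSSLDIR does not exist yet by checking the nearest existing ancestor directory.

```powershell
# Added example (not from the advisory or conda-forge): audit whether the OPENSSLDIR
# used by a conda OpenSSL build on Windows is writable by non-privileged principals,
# the precondition for CVE-2025-35471. Assumes the conda env's openssl.exe is on PATH.
$verOut = (& openssl version -d 2>$null) -join ' '
if ($verOut -notmatch 'OPENSSLDIR:\s*"([^"]+)"') {
    throw "Could not read OPENSSLDIR from 'openssl version -d' (is the conda env active?)"
}
$opensslDir = $Matches[1]
Write-Host "OPENSSLDIR reported by openssl: $opensslDir"

# If OPENSSLDIR does not exist, whoever can create it controls openssl.cnf, so the
# effective target is the nearest existing ancestor directory.
$target = $opensslDir
while (-not (Test-Path -LiteralPath $target)) {
    $parent = Split-Path -Path $target -Parent
    if (-not $parent -or $parent -eq $target) { throw "No existing ancestor of $opensslDir" }
    $target = $parent
}
if ($target -ne $opensslDir) { Write-Warning "OPENSSLDIR is absent; checking ancestor $target" }

# Principals every local user belongs to (assumed list; extend for your domain groups).
$broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
           'NT AUTHORITY\INTERACTIVE')
$createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles  # 0x2
$genericWrite = 0x40000000; $genericAll = 0x10000000   # raw generic bits seen in some ACEs

$findings = foreach ($ace in (Get-Acl -LiteralPath $target).Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($broad -notcontains $ace.IdentityReference.Value) { continue }
    # InheritOnly ACEs apply to children, not to this directory itself.
    if ($ace.PropagationFlags.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)) { continue }
    $raw = [int]$ace.FileSystemRights
    if (($raw -band ($createFiles -bor $genericWrite -bor $genericAll)) -ne 0) {
        [pscustomobject]@{ Path = $target; Principal = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
    }
}

if ($findings) {
    Write-Warning "Non-privileged principals can create files under $target (CVE-2025-35471 precondition)"
    $findings | Format-Table -AutoSize
    # Remediation per the advisory: writes for administrators only. Run from an elevated shell:
    #   icacls "$target" /inheritance:r /grant:r "BUILTIN\Administrators:(OI)(CI)F" `
    #       "NT AUTHORITY\SYSTEM:(OI)(CI)F" "BUILTIN\Users:(OI)(CI)RX"
    exit 1
}
Write-Host "OK: no broad create/write access on $target"
exit 0
```

The script exits 1 when a broad principal can create files in the effective target directory, so it can double as a CI or endpoint compliance check; the ACL of an existing openssl.cnf file itself should be reviewed separately, since replacing it needs only write access to that file.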
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2025-04-15T20:57:14.283Z
- Cisa Enriched: false
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9816c4522896dcbd663c
Added to database: 5/21/2025, 9:08:38 AM
Last enriched: 7/11/2025, 12:19:43 PM
Last updated: 8/18/2025, 11:32:50 PM