CVE-2025-57699_CVE-2025-57699

8.4 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path.
A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.

Basic Information

ID CVE-2025-57699

Source jpcert

Published Aug 22, 2025 at 06:37

Affected Product

Vendor Western Digital Corporation

Product Western Digital Kitfox for Windows

Version prior to 1.1.1.1

Affected Versions Western Digital Corporation Western Digital Kitfox for Windows prior to 1.1.1.1

CWE Classification

CWE-428

References

{
    "lastseen": "",
    "description": "Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path.\r\nA user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.",
    "published": "2025-08-22T06:37:41.158Z",
    "modified": "2025-08-22T06:37:41.158Z",
    "type": "cve",
    "title": "CVE-2025-57699",
    "source": "jpcert",
    "references": "https://www.westerndigital.com/support/product-security/wdc-25004-western-digital-kitfox-software-version-1-1-1-1\nhttps://jvn.jp/en/jp/JVN75211379/",
    "id": "CVE-2025-57699",
    "bulletinFamily": "",
    "cwe": [
        "CWE-428"
    ],
    "cvelist": null,
    "sourceData": "Western Digital Corporation Western Digital Kitfox for Windows prior to 1.1.1.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Western Digital Kitfox for Windows",
    "version": "prior to 1.1.1.1",
    "vendor": "Western Digital Corporation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}