CVE-2025-57699

Summary

Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.

Affected Software

VendorProductVersion RangeStatus
Western Digital CorporationWestern Digital Kitfox for Windowsprior to 1.1.1.1affected

Weaknesses

  • CWE-428: Unquoted search path or element

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References