CVE-2025-57699

MEDIUM

Western Digital Kitfox - Privilege Escalation

Title source: llm

Description

Western Digital Kitfox for Windows provided by Western Digital Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with the SYSTEM privilege.

References (2)

[Various Sources] https://www.westerndigital.com/support/product-security/wdc-25004-western-digital-kitfox-software-version-1-1-1-1

[Third Party Advisory] https://jvn.jp/en/jp/JVN75211379/

Scores

CVSS v3 6.7

EPSS 0.0002

EPSS Percentile 4.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-428

Status published

Products (1)

Western Digital Corporation/Western Digital Kitfox for Windows prior to 1.1.1.1

Published Aug 22, 2025

Tracked Since Feb 18, 2026