CVE-2025-65199

HIGH

Windscribe 2.10.1-2.17.10 - Local Command Injection via changeMTU adapterName Parameter

Title source: llm

Description

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.

References (6)

Core 6

Core References

Patch patch

https://github.com/Windscribe/Desktop-App/compare/v2.18.2...v2.18.3?diff=unified&w#diff-cfc5df17057ed92112ae70a42c81c57c79f434429210ff881fb0771cf8e39b4c

Patch patch

https://github.com/Windscribe/Desktop-App/compare/v2.18.2...v2.18.3?diff=unified&w#diff-57e27ab201a1a612609087b839e03bf87a5a063ffcc3f465a6245469bc102754

Exploit, Press/Media Coverage, Third Party Advisory technical-description third-party-advisory

https://hackingbydoing.wixsite.com/hackingbydoing/post/windscribe-vpn-local-privilege-escalation

Third Party Advisory government-resource third-party-advisory

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-343-01.json

Third Party Advisory, US Government Resource

https://www.cve.org/CVERecord?id=CVE-2025-65199

Product product

https://github.com/Windscribe/Desktop-App

Scores

CVSS v3 7.8

EPSS 0.0109

EPSS Percentile 61.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (4)

windscribe/windscribe 2.18.1 alpha

windscribe/windscribe 2.18.3

windscribe/windscribe 2.18.5

windscribe/windscribe 2.10.1 - 2.17.10

Published Dec 10, 2025

Tracked Since Feb 18, 2026