216.73.216.86

CVE-2025-65199

· Published 10/12/2025 19:16 · Modified 23/12/2025 15:27

Labels: CVE-2025-65199 2025-12-109119a7d8-5eab-497f-8521-727c672e3725CVE-2025-65199CWE-78

Essential information

Published
10/12/2025 19:16
Modified
23/12/2025 15:27
Author
Creator
CVSS
7.3 HIGH (v3) 7.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD
View on NVD

Affected products (CPE)

ProductCPE
windscribe / windscribe cpe:2.3:a:windscribe:windscribe:*:*:*:*:*:linux:*:*
windscribe / windscribe cpe:2.3:a:windscribe:windscribe:2.18.1:alpha:*:*:*:linux:*:*
windscribe / windscribe cpe:2.3:a:windscribe:windscribe:2.18.3:*:*:*:*:linux:*:*
windscribe / windscribe cpe:2.3:a:windscribe:windscribe:2.18.5:*:*:*:*:linux:*:*

References