CVE-2025-65199

Summary

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.

Affected Software

VendorProductVersion RangeStatus
WindscribeWindscribe for Linux Desktop App2.10.1 < 2.18.3-alphaaffected
WindscribeWindscribe for Linux Desktop App2.10.1 < 2.18.8affected
WindscribeWindscribe for Linux Desktop App2.18.3-alphaunaffected
WindscribeWindscribe for Linux Desktop App2.18.8unaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References