CVE-2025-62220
- Source
- https://cve.org/CVERecord?id=CVE-2025-62220
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62220.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-62220
- Published
- 2025-11-11T18:15:49.730Z
- Modified
- 2026-03-13T03:40:40.963795Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a network.
- References
Affected packages
Git / github.com/microsoft/wsl
Affected versions
0.*
0.47.1
0.48.2
0.50.2
0.51.0
0.51.2
0.51.3
0.56.1
0.56.2
0.58.0
0.58.1
0.58.3
0.60.0
0.61.4
0.61.5
0.61.8
0.64.0
0.65.1
0.65.2
0.65.3
0.66.2
0.67.6
0.68.2
0.68.4
0.70.0
0.70.4
0.70.5
0.70.8
1.*
1.0.0
1.0.1
1.0.3
1.1.0
1.1.2
1.1.3
1.1.5
1.1.6
1.1.7
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.3.10
1.3.11
1.3.14
1.3.15
1.3.17
2.*
2.0.0
2.0.1
2.0.11
2.0.12
2.0.14
2.0.15
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.3
2.1.4
2.1.5
2.2.1
2.2.2
2.2.3
2.2.4
2.3.11
2.3.12
2.3.13
2.3.14
2.3.17
2.3.21
2.3.22
2.3.24
2.3.25
2.3.26
2.4.10
2.4.11
2.4.12
2.4.13
2.4.4
2.4.5
2.4.8
2.4.9
2.5.1
2.5.10
2.5.4
2.5.6
2.5.7
2.5.8
2.5.9
2.6.0
2.6.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-62220.json"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"325260112266255820907638633481867496274",
"278978057703698540117331948953354976166",
"255972096160573848082827421773441524159",
"214507080324027795293368854443401876418",
"45670267098719440328689890808257496952",
"97297921131179832929351130237301619413",
"291301400567921000747765956509303636946"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-1a1d6625",
"target": {
"file": "src/windows/common/socket.hpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "161325191873113544642999238830788524213",
"length": 229.0
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-1a560b3d",
"target": {
"file": "src/windows/common/hvsocket.cpp",
"function": "wsl::windows::common::hvsocket::Accept"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"72512558004035156838942277023125315915",
"315978245901331039322319570588100884056",
"110992001706490276773809764421439896114",
"193154009352787627504636212085149298967",
"61636267813817423781751731678355624317",
"41617228964185154673918457559757541275",
"79357654960451419441088647985368608721"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-1c246cd4",
"target": {
"file": "src/shared/inc/stringshared.h"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"292549554225262505216354688006669037456",
"200070876296166481216026882368481734169",
"120403186559250847106016665660944635495",
"232947661715265257663978279115801458182",
"166370943468207917423468841311639412406"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-1ea87c56",
"target": {
"file": "src/windows/common/hvsocket.hpp"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"113519407820687700164053499244219659908",
"295777406726917962611521684352602091462",
"12964101256193789696219295733526309360",
"64607301630211382530430846826030444407",
"195029756259319914427522077180231511953",
"124108239971073343465771881128965729554"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-4568ed73",
"target": {
"file": "src/windows/service/exe/WslCoreVm.cpp"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"117506291921393263099091123111288411985",
"96602094459029580607434578360302965412",
"186055437591352852915837183080830209516",
"129363385705570144849935017987844186038"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-4bc7f30d",
"target": {
"file": "src/windows/service/exe/WslCoreVm.h"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"278222343083447102180607335122750848947",
"251493784328618037331123174778648913534",
"36124032973140933763232994387495457291",
"65902972934241666831442166538764947541",
"153682248270081643625189938337866815773",
"48786117829119282679726908000602260518",
"49713476590270596281305560891087008541",
"54422253841306184182896726835027955570",
"232752598002020181113162976251103272961",
"192518315674599520840219123802797563026",
"95482253623473497566605721661296250374",
"308595344192067570928281322066068748285",
"212013498998653628894588390358131164893",
"301741217733551116251290974603865410256",
"115814229496039477780492126355576338377",
"207345051314485888865691715404457241165",
"256450144118801399354526017613125307757",
"122067888729153824069040413826499618834",
"252793803100991648672286360176132414594",
"152321523479257340200346582169064597043",
"33472465026225507699658279667704549770",
"166873578068029993888894767421509928077",
"67083625614914221829168865764918832794",
"141757629222725390434051315650775633614",
"209323795870123139205579530947413798717",
"285678407417000073067467034282648844698",
"292714056018313412885384548920299498316",
"189783259735380980672308885806329820691",
"137747654041465305489919727248302411179",
"97364897608672661286825067668344484868",
"53774864501736015475697179388230777622",
"12694994913939994438296925079600758235",
"304110776151974169875584628403282221699",
"50165153140797068511913985922573339887",
"170265093214089663405424632478351708106",
"55093286865504168929114323734070490513",
"203412106958797436649513154108497608233",
"247379017815794145592044833383099739608",
"98021468962936930432228931581703556831",
"108557277504451327940049263107143288431",
"270355633799730316849641892333085957551",
"144395526946635653246408611681702132237",
"141482139587139924974117310515454614386",
"199629737702017172897216330431914257978",
"174722378971609456753575935520388951521",
"193560359277813827549982348768611372549",
"235451094036832993631529801958458979723",
"174121198774766940938586724329959235940",
"236970746601863198130430185973713338735",
"326915061654451179459518471503898862587"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-79bb0f95",
"target": {
"file": "src/windows/common/socket.cpp"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"203311393147405397451179656790896738635",
"108008640365253487025492315385515662170",
"76327385080367215699675546551582117316",
"35103982762157518128975422617358683942",
"73223915427589049833264461380172656705",
"104031111029764787931797029334926455415",
"210836674095244731288777184783576948313",
"299572471082739547099455188145958402956"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-9802787f",
"target": {
"file": "src/linux/init/util.h"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"257426445257352482058061277336162910073",
"113136170720521748228912433314690100606",
"79462941908161851131482497787942902556",
"226539180600460796755742763381886402479",
"142726582728406362370363329647039976218",
"55133595245600552060386118150595572889",
"75731935303892789022964438592681553160",
"83498991994989963164145387737813827977",
"192273519253536642950740714587309675729",
"17913517684854701648924908289901099397",
"172068078066077934206958172834003478878",
"309188227823029316560819759050238599115",
"22930354180950702134534862695740625139",
"174962746788427366180781868564352658883",
"283310186518704788916904751203994075640",
"147675826932138612904028184210150000074",
"217559804952573823376049506705657304109",
"187273448401474483346419443729941720952"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-c176714b",
"target": {
"file": "src/windows/common/hvsocket.cpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "27777882150857048033454365409176528689",
"length": 407.0
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-c32340e0",
"target": {
"file": "src/windows/common/socket.cpp",
"function": "wsl::windows::common::socket::Receive"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "34637315909379151350259066692444516697",
"length": 684.0
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-c9233d3b",
"target": {
"file": "src/windows/common/socket.cpp",
"function": "wsl::windows::common::socket::Accept"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"196435720522121300640483836592410268993",
"59865069944751815247198277906087319149",
"286830347365472719587921028908037146066",
"334360871119253691687176315783106713364",
"10296289349541900431984954978089678362",
"231929692093772071624672319739289056338",
"237687643536540330536919573861288462169",
"146806813551017948088751018402613983975",
"310046400705789194421595554747372701579",
"186066641104066084888064362119320148745",
"171629888594295364166982981218775404250",
"240964874913545975802188989432459495665",
"274543123685303986415859618216674529694",
"157167324105609206575123387984980588861",
"212018271738033324008136672458423159791",
"34696358523199703126039191148677437851",
"339757916930000199219457044214022857091",
"103109779046015925322773565398945723726",
"186518462285973660447976477531418845815",
"87990723223691459832242662048266327981",
"167995038110613885192803122309174482122",
"217121819088177149720253085553632395201",
"230096921174263020735166311184567358802",
"242522580255562209894619417568014861056",
"305888390716309882279792246611777824237"
],
"threshold": 0.9
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-caa1415d",
"target": {
"file": "src/linux/init/util.cpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "65499261369361904743776380245889056520",
"length": 382.0
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-ee85195d",
"target": {
"file": "src/windows/service/exe/WslCoreVm.cpp",
"function": "WslCoreVm::AcceptConnection"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "11796347808882673444904593850409805481",
"length": 1187.0
},
"source": "https://github.com/microsoft/wsl/commit/c7aad6161166d330099cc48ceab7ee158b8225a2",
"id": "CVE-2025-62220-fee32aa4",
"target": {
"file": "src/windows/common/socket.cpp",
"function": "wsl::windows::common::socket::GetResult"
}
}
]