CVE-2025-65199

Source
https://cve.org/CVERecord?id=CVE-2025-65199
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65199.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-65199
Published
2025-12-10T19:16:34.957Z
Modified
2026-03-15T14:54:12.458669Z
Severity
  • 7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
[none]
Details

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.

References

Affected packages

Git / github.com/Windscribe/Desktop-App

Affected ranges

Type
GIT
Repo
https://github.com/Windscribe/Desktop-App
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.18.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.18.5"
        }
    ]
}

Affected versions

v2.*
v2.10.10
v2.10.11
v2.10.12
v2.10.14
v2.10.15
v2.10.4
v2.10.5
v2.10.6
v2.10.7
v2.10.8
v2.10.9
v2.11.11
v2.11.4
v2.11.5
v2.11.6
v2.11.7
v2.11.8
v2.11.9
v2.12.1
v2.12.2
v2.12.3
v2.12.4
v2.12.7
v2.13.2
v2.13.3
v2.13.4
v2.13.5
v2.13.6
v2.13.7
v2.13.8
v2.14.10
v2.14.12
v2.14.3
v2.14.4
v2.14.5
v2.14.6
v2.14.7
v2.14.8
v2.14.9
v2.15.3
v2.15.4
v2.15.5
v2.15.6
v2.15.7
v2.15.8
v2.16.11
v2.16.14
v2.16.2
v2.16.3
v2.16.4
v2.16.5
v2.16.6
v2.16.7
v2.16.8
v2.17.1
v2.17.2
v2.17.3
v2.17.4
v2.17.5
v2.17.6
v2.17.7
v2.17.9
v2.18.1
v2.18.2
v2.18.3
v2.3.15
v2.4.1
v2.4.11
v2.6.14
v2.7.14
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.9

Database specific

unresolved_ranges
[
    {
        "events": [
            {
                "introduced": "2.10.1"
            },
            {
                "last_affected": "2.17.10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.18.1-alpha"
            }
        ]
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-65199.json"