Unrated severityOSV Advisory· Published Dec 10, 2025· Updated Dec 18, 2025
Windscribe for Linux 'changeMTU' local privilege escalation
CVE-2025-65199
Description
A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8.
Affected products
2- Range: v2.10.10, v2.10.11, v2.10.12, …
- Range: <2.18.3-alpha, <2.18.8
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/Windscribe/Desktop-App/compare/v2.18.2...v2.18.3mitrepatch
- github.com/Windscribe/Desktop-App/compare/v2.18.2...v2.18.3mitrepatch
- hackingbydoing.wixsite.com/hackingbydoing/post/windscribe-vpn-local-privilege-escalationmitretechnical-descriptionthird-party-advisory
- raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-343-01.jsonmitregovernment-resourcethird-party-advisory
- www.cve.org/CVERecordmitre
News mentions
0No linked articles in our index yet.